AutoWP – AI Content Writer & Rewriter Security & Risk Analysis

wordpress.org/plugins/autowp-ai-content-writer-rewriter

AI Content Writer & Rewriter. Write content with AI from zero. Import content from RSS, WordPress, Google News and rewrite with AI.

1K active installs · v2.2.8 · PHP 7.2+ · WP 5.2+ · Updated Apr 5, 2026
Tags: ai-content-generator, ai-image-generator, ai-post-generator, ai-rewriter, artificial-intelligence
Score: 77 · B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Aug 21, 2025
Safety Verdict

Is AutoWP – AI Content Writer & Rewriter Safe to Use in 2026?

Mostly Safe

Score 77/100

AutoWP – AI Content Writer & Rewriter is generally safe to use. 2 past CVEs were resolved.

2 known CVEs · 1 unpatched · Last CVE: Aug 21, 2025 · Updated 1mo ago
Risk Assessment

The "autowp-ai-content-writer-rewriter" plugin exhibits a mixed security posture. While it demonstrates good practices in using prepared statements for SQL queries and properly escaping most output, significant concerns remain. The presence of 102 dangerous function calls, particularly `unserialize`, coupled with taint analysis revealing two high-severity flows with unsanitized paths, indicates potential for serious vulnerabilities like Remote Code Execution or Local File Inclusion. Furthermore, the plugin has a history of known vulnerabilities, including a currently unpatched medium-severity issue, and previous medium-severity vulnerabilities included Missing Authorization and CSRF, suggesting recurring patterns of insecure coding practices related to access control and user input validation.

The attack surface is moderate with four AJAX handlers, one of which lacks authentication checks. This unprotected entry point, combined with the identified taint flows and dangerous functions, presents a clear risk. The plugin's reliance on manual capability checks (only one found) further exacerbates this, as it suggests insufficient authorization enforcement across its functionalities. While the plugin has a reasonable number of nonce checks and a relatively clean approach to REST API and shortcodes, the identified high-severity taint flows and the unpatched CVE are the most pressing concerns that significantly elevate the overall risk profile.

Key Concerns

  • Unpatched CVE
  • High severity taint flow with unsanitized path (x2)
  • Unprotected AJAX handler
  • Dangerous function `unserialize` calls (high count)
  • Only one capability check found
Vulnerabilities
2 published

AutoWP – AI Content Writer & Rewriter Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-48350 · medium · 4.3 · Missing Authorization

AutoWP <= 2.2.2 - Missing Authorization

Aug 21, 2025 · Unpatched

CVE-2024-54300 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

AutoWP <= 2.0.8 - Cross-Site Request Forgery

Dec 11, 2024 · Patched in 2.0.9 (9d)
Version History

AutoWP – AI Content Writer & Rewriter Release Timeline

v2.2.8 · Current · 1 CVE
v2.2.7 · 1 CVE
v2.2.6 · 1 CVE
v2.2.5 · 1 CVE
v2.2.4 · 1 CVE
v2.2.3 · 1 CVE
v2.2.2 · 1 CVE
v2.2.1 · 1 CVE
v2.2.0 · 1 CVE
v2.1.9 · 1 CVE
v2.1.8 · 1 CVE
v2.1.7 · 1 CVE
v2.1.6 · 1 CVE
v2.1.5 · 1 CVE
v2.1.4 · 1 CVE
v2.1.3 · 1 CVE
v2.1.2 · 1 CVE
v2.1.1 · 1 CVE
v2.1.0 · 1 CVE
v2.0.9 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

AutoWP – AI Content Writer & Rewriter Code Analysis

Dangerous Functions: 102
Raw SQL Queries: 3 (22 prepared)
Unescaped Output: 60 (727 escaped)
Nonce Checks: 20
Capability Checks: 1
File Operations: 1
External Requests: 9
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $settings = unserialize(get_option('autowp_settings')); · autowp.php:179
unserialize · $settings = unserialize(get_option('autowp_settings')); · autowp.php:522
unserialize · $autowp_settings = unserialize($autowp_settings); · autowp.php:558
unserialize · $autowp_settings = unserialize($autowp_settings); · autowp.php:569
unserialize · $settings = $settings ? unserialize($settings) : []; · autowp.php:583
unserialize · $server_url = unserialize(get_option("autowp_settings"))["autowp_server_url"]; · autowp.php:709
unserialize · $autowp_settings = $autowp_settings ? unserialize($autowp_settings) : []; · autowp.php:767
unserialize · $max_posts_per_cron = absint(unserialize(get_option('autowp_settings'))['max_posts_per_cron'] ?? 1); · autowp.php:781
unserialize · $image_settings = unserialize(get_option('autowp_settings')); · autowp.php:833
unserialize · $server_url = unserialize(get_option("autowp_settings"))["autowp_server_url"]; · autowp.php:908
unserialize · $current_settings = unserialize(get_option('autowp_settings')); · autowp.php:996
unserialize · $server_url = unserialize(get_option("autowp_settings"))["autowp_server_url"]; · autowp.php:1112
unserialize · $autowp_settings = $autowp_settings ? unserialize($autowp_settings) : []; · autowp.php:1135
unserialize · $server_url = unserialize(get_option("autowp_settings"))["autowp_server_url"]; · autowp.php:1994
unserialize · $existing_settings = unserialize($existing_settings_serialized); · autowp.php:2057
unserialize · <option value="1" <?php if(unserialize(get_option("autowp_settings"))["selected_time_type"] === '1' · autowp.php:2757
unserialize · <option value="2" <?php if(unserialize(get_option("autowp_settings"))["selected_time_type"] === '2' · autowp.php:2758
unserialize · <option value="3" <?php if(unserialize(get_option("autowp_settings"))["selected_time_type"] === '3' · autowp.php:2759
unserialize · <option value="4" <?php if(unserialize(get_option("autowp_settings"))["selected_time_type"] === '4' · autowp.php:2760
unserialize · <input type="radio" name="wpcron_status" value="1" <?php $settings = unserialize(get_option('autowp_ · autowp.php:2772
unserialize · <input type="radio" name="wpcron_status" value="2" <?php $settings = unserialize(get_option('autowp_ · autowp.php:2775
unserialize · <input id="api_email" name="api_email" type="text" class="form-control" value="<?php echo esc_attr(u · autowp.php:2794
unserialize · <input id="api_key" name="api_key" type="text" class="form-control" value="<?php echo esc_attr(unser · autowp.php:2803
unserialize · <input id="openai_api_key" name="openai_api_key" type="text" class="form-control" value="<?php echo · autowp.php:2812
unserialize · <input id="openai_base_url" name="openai_base_url" type="text" class="form-control" value="<?php ech · autowp.php:2821
unserialize · <input id="xai_api_key" name="xai_api_key" type="text" class="form-control" value="<?php echo esc_at · autowp.php:2831
unserialize · <input id="deepseek_api_key" name="deepseek_api_key" type="text" class="form-control" value="<?php e · autowp.php:2840
unserialize · $selected_groq_model = isset(unserialize(get_option("autowp_settings"))["groq_model"]) ? unserialize · autowp.php:2852
unserialize · $selected_groq_model = isset(unserialize(get_option("autowp_settings"))["groq_model"]) ? unserialize · autowp.php:2852
unserialize · <input id="falai_api_key" name="falai_api_key" type="text" class="form-control" value="<?php echo es · autowp.php:2918
unserialize · <input id="stabilityai_api_key" name="stabilityai_api_key" type="text" class="form-control" value="< · autowp.php:2927
unserialize · <input id="serperdev_api_key" name="serperdev_api_key" type="text" class="form-control" value="<?php · autowp.php:2936
unserialize · <option value="openai" <?php if (isset(unserialize(get_option("autowp_settings"))["primary_llm"]) && · autowp.php:2946
unserialize · <option value="openai" <?php if (isset(unserialize(get_option("autowp_settings"))["primary_llm"]) && · autowp.php:2946
unserialize · <option value="xai" <?php if (isset(unserialize(get_option("autowp_settings"))["primary_llm"]) && un · autowp.php:2947
unserialize · <option value="xai" <?php if (isset(unserialize(get_option("autowp_settings"))["primary_llm"]) && un · autowp.php:2947
unserialize · <option value="groq" <?php if (isset(unserialize(get_option("autowp_settings"))["primary_llm"]) && u · autowp.php:2948
unserialize · <option value="groq" <?php if (isset(unserialize(get_option("autowp_settings"))["primary_llm"]) && u · autowp.php:2948
unserialize · <option value="openai" <?php if (isset(unserialize(get_option("autowp_settings"))["secondary_llm"]) · autowp.php:2959
unserialize · <option value="openai" <?php if (isset(unserialize(get_option("autowp_settings"))["secondary_llm"]) · autowp.php:2959
unserialize · <option value="xai" <?php if (isset(unserialize(get_option("autowp_settings"))["primary_llm"]) && un · autowp.php:2960
unserialize · <option value="xai" <?php if (isset(unserialize(get_option("autowp_settings"))["primary_llm"]) && un · autowp.php:2960
unserialize · <option value="groq" <?php if (isset(unserialize(get_option("autowp_settings"))["secondary_llm"]) && · autowp.php:2961
unserialize · <option value="groq" <?php if (isset(unserialize(get_option("autowp_settings"))["secondary_llm"]) && · autowp.php:2961
unserialize · echo isset(unserialize(get_option("autowp_settings"))["default_image_url"]) ? esc_url(unserialize(ge · autowp.php:2976
unserialize · echo isset(unserialize(get_option("autowp_settings"))["default_image_url"]) ? esc_url(unserialize(ge · autowp.php:2976
unserialize · $selected_post_status = isset(unserialize(get_option("autowp_settings"))["post_status"]) ? unseriali · autowp.php:2988
unserialize · $selected_post_status = isset(unserialize(get_option("autowp_settings"))["post_status"]) ? unseriali · autowp.php:2988
unserialize · $selected_method = isset(unserialize(get_option("autowp_settings"))["content_image_generation_method · autowp.php:3016
unserialize · $selected_method = isset(unserialize(get_option("autowp_settings"))["content_image_generation_method · autowp.php:3016
unserialize · $current_value = isset(unserialize(get_option("autowp_settings"))["max_posts_per_cron"]) ? · autowp.php:3036
unserialize · esc_html(unserialize(get_option("autowp_settings"))["max_posts_per_cron"]) : 1; · autowp.php:3037
unserialize · echo isset(unserialize(get_option("autowp_settings"))["max_posts_per_day"]) ? esc_html(unserialize(g · autowp.php:3053
unserialize · echo isset(unserialize(get_option("autowp_settings"))["max_posts_per_day"]) ? esc_html(unserialize(g · autowp.php:3053
unserialize · <input type="radio" name="spam_ad_filter" value="1" <?php if(unserialize(get_option("autowp_settings · autowp.php:3064
unserialize · <input type="radio" name="spam_ad_filter" value="0" <?php if(unserialize(get_option("autowp_settings · autowp.php:3068
unserialize · <input type="radio" name="duplicate_content_filter" value="1" <?php if(!isset(unserialize(get_option · autowp.php:3080
unserialize · <input type="radio" name="duplicate_content_filter" value="1" <?php if(!isset(unserialize(get_option · autowp.php:3080
unserialize · <input type="radio" name="duplicate_content_filter" value="0" <?php if(isset(unserialize(get_option( · autowp.php:3084
unserialize · <input type="radio" name="duplicate_content_filter" value="0" <?php if(isset(unserialize(get_option( · autowp.php:3084
unserialize · $selected_image_format = isset(unserialize(get_option("autowp_settings"))["image_format"]) ? unseria · autowp.php:3103
unserialize · $selected_image_format = isset(unserialize(get_option("autowp_settings"))["image_format"]) ? unseria · autowp.php:3103
unserialize · $selected_style = isset(unserialize(get_option("autowp_settings"))["stable_diffusion_style"]) ? unse · autowp.php:3123
unserialize · $selected_style = isset(unserialize(get_option("autowp_settings"))["stable_diffusion_style"]) ? unse · autowp.php:3123
unserialize · $selected_sd_size = isset(unserialize(get_option("autowp_settings"))["stable_diffusion_size"]) ? uns · autowp.php:3143
unserialize · $selected_sd_size = isset(unserialize(get_option("autowp_settings"))["stable_diffusion_size"]) ? uns · autowp.php:3143
unserialize · $selected_flux_size = isset(unserialize(get_option("autowp_settings"))["flux_image_size"]) ? unseria · autowp.php:3166
unserialize · $selected_flux_size = isset(unserialize(get_option("autowp_settings"))["flux_image_size"]) ? unseria · autowp.php:3166
unserialize · $selected_dalle_2_size = isset(unserialize(get_option("autowp_settings"))["dalle_2_size"]) ? unseria · autowp.php:3186
unserialize · $selected_dalle_2_size = isset(unserialize(get_option("autowp_settings"))["dalle_2_size"]) ? unseria · autowp.php:3186
unserialize · $selected_dalle_3_size = isset(unserialize(get_option("autowp_settings"))["dalle_3_size"]) ? unseria · autowp.php:3205
unserialize · $selected_dalle_3_size = isset(unserialize(get_option("autowp_settings"))["dalle_3_size"]) ? unseria · autowp.php:3205
unserialize · $selected_dalle_3_style = isset(unserialize(get_option("autowp_settings"))["dalle_3_style"]) ? unser · autowp.php:3224
unserialize · $selected_dalle_3_style = isset(unserialize(get_option("autowp_settings"))["dalle_3_style"]) ? unser · autowp.php:3224
unserialize · <input type="radio" name="image_modification_status" value="1" <?php if(unserialize(get_option("auto · autowp.php:3248
unserialize · <input type="radio" name="image_modification_status" value="0" <?php if(unserialize(get_option("auto · autowp.php:3251
unserialize · <input id="nano_banana_prompt" name="nano_banana_prompt" type="text" class="form-control" value="<?p · autowp.php:3264
unserialize · if (isset(unserialize(get_option("autowp_settings"))["ai_image_width"])) { · autowp.php:3279
unserialize · echo esc_html(unserialize(get_option("autowp_settings"))["ai_image_width"]); · autowp.php:3280
unserialize · if (isset(unserialize(get_option("autowp_settings"))["ai_image_height"])){ · autowp.php:3293
unserialize · echo esc_html(unserialize(get_option("autowp_settings"))["ai_image_height"]); · autowp.php:3294
unserialize · <input id="watermark_link" name="watermark_link" type="text" class="form-control" value="<?php echo · autowp.php:3308
unserialize · <input type="radio" name="social_media_status" value="1" <?php if (unserialize(get_option("autowp_se · autowp.php:3321
unserialize · <input type="radio" name="social_media_status" value="0" <?php if (unserialize(get_option("autowp_se · autowp.php:3325
unserialize · <input id="twitter_api_key" name="twitter_api_key" type="text" class="form-control" value="<?php ech · autowp.php:3337
unserialize · <input id="telegram_api_key" name="telegram_api_key" type="text" class="form-control" value="<?php e · autowp.php:3346
unserialize · <input id="instagram_api_key" name="instagram_api_key" type="text" class="form-control" value="<?php · autowp.php:3355
unserialize · <input id="autowp_server_url" name="autowp_server_url" type="text" class="form-control" value="<?php · autowp.php:3366
unserialize · $image_settings = unserialize(get_option('autowp_settings')); · autowp.php:3493
unserialize · $image_settings = unserialize(get_option('autowp_settings')); · autowp.php:3604
unserialize · $image_settings = unserialize(get_option('autowp_settings')); · autowp.php:3725
unserialize · $image_settings = unserialize(get_option('autowp_settings')); · autowp.php:5220
unserialize · $image_settings = unserialize(get_option('autowp_settings')); · autowp.php:5445
unserialize · $server_url = unserialize(get_option("autowp_settings"))["autowp_server_url"]; · autowp.php:6683
unserialize · $existing_settings = $existing_settings ? unserialize($existing_settings) : []; · autowp.php:6853
unserialize · $server_url = unserialize(get_option("autowp_settings"))["autowp_server_url"]; · autowp.php:7087
unserialize · $settings = unserialize(get_option('autowp_settings')); · autowp.php:7214
unserialize · $settings = unserialize(get_option('autowp_settings')); · includes\new-ai-website-form.php:133
unserialize · $settings = unserialize(get_option('autowp_settings')); · includes\new-news-website-form.php:114
unserialize · $settings = unserialize(get_option('autowp_settings')); · includes\new-own-ai-agent-form.php:189
unserialize · $settings = unserialize(get_option('autowp_settings')); · includes\new-rss-website-form.php:98
unserialize · $settings = unserialize(get_option('autowp_settings')); · includes\new-wp-website-form.php:165

SQL Query Safety

88% prepared · 25 total queries

Output Escaping

92% escaped · 787 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

23 flows · 8 with unsanitized paths
autowp_manual_post_news_form_page_handler (autowp.php:3816)
Attack Surface
1 unprotected

AutoWP – AI Content Writer & Rewriter Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 4

auth · wp_ajax_autowp_toggle_website · autowp.php:98
auth · wp_ajax_autowp_dismiss_announcement · autowp.php:677
auth · wp_ajax_autowp_trigger_cron_now · autowp.php:3402
auth · wp_ajax_save_autowp_settings · autowp.php:6871
WordPress Hooks 13
action · admin_enqueue_scripts · autowp.php:78
action · wp_head · autowp.php:126
action · admin_print_styles · autowp.php:173
action · admin_init · autowp.php:197
filter · autowp_cron · autowp.php:532
action · admin_notices · autowp.php:578
filter · cron_schedules · autowp.php:703
action · autowp_fetch_announcements · autowp.php:762
action · init · autowp.php:1443
action · init · autowp.php:3560
action · autowp_manual_post_rss_event · autowp.php:4876
action · admin_menu · autowp.php:7022
action · admin_menu · autowp.php:7080

Scheduled Events 17

autowp_fetch_announcements
autowp_cron
autowp_cron
autowp_cron
autowp_cron
autowp_cron
autowp_manual_post_rss_event
autowp_cron
autowp_cron
autowp_cron
autowp_cron
autowp_cron
autowp_cron
autowp_cron
autowp_cron
autowp_cron
autowp_cron
Maintenance & Trust

AutoWP – AI Content Writer & Rewriter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 5, 2026
PHP min version: 7.2
Downloads: 16K

Community Trust

Rating: 76/100
Number of ratings: 15
Active installs: 1K
Developer Profile

AutoWP – AI Content Writer & Rewriter Developer Profile

Basar Ventures

1 plugin · 1K total installs

Trust score: 78
Avg Security Score: 77/100
Avg Patch Time: 9 days
Detection Fingerprints

How We Detect AutoWP – AI Content Writer & Rewriter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/autowp-ai-content-writer-rewriter/assets/js/bootstrap.min.js
/wp-content/plugins/autowp-ai-content-writer-rewriter/assets/js/autowp.js
/wp-content/plugins/autowp-ai-content-writer-rewriter/assets/js/autowp_ai_modal.js
/wp-content/plugins/autowp-ai-content-writer-rewriter/assets/js/autowp_rewriting_modal.js
/wp-content/plugins/autowp-ai-content-writer-rewriter/assets/js/bootstrap.bundle.min.js
/wp-content/plugins/autowp-ai-content-writer-rewriter/assets/js/jquery-ui.min.js
/wp-content/plugins/autowp-ai-content-writer-rewriter/assets/js/sortable_list.js
/wp-content/plugins/autowp-ai-content-writer-rewriter/assets/js/admin-toggle.js
+4 more
Script Paths
assets/js/bootstrap.min.js
assets/js/autowp.js
assets/js/autowp_ai_modal.js
assets/js/autowp_rewriting_modal.js
assets/js/bootstrap.bundle.min.js
assets/js/jquery-ui.min.js
+2 more
Version Parameters
autowp-ai-content-writer-rewriter/assets/js/bootstrap.min.js?ver=
autowp-ai-content-writer-rewriter/assets/js/autowp.js?ver=
autowp-ai-content-writer-rewriter/assets/js/autowp_ai_modal.js?ver=
autowp-ai-content-writer-rewriter/assets/js/autowp_rewriting_modal.js?ver=
autowp-ai-content-writer-rewriter/assets/js/bootstrap.bundle.min.js?ver=
autowp-ai-content-writer-rewriter/assets/js/jquery-ui.min.js?ver=
autowp-ai-content-writer-rewriter/assets/js/sortable_list.js?ver=
autowp-ai-content-writer-rewriter/assets/js/admin-toggle.js?ver=
autowp-ai-content-writer-rewriter/assets/css/bootstrap.min.css?ver=
autowp-ai-content-writer-rewriter/assets/css/jquery-ui.css?ver=
autowp-ai-content-writer-rewriter/assets/css/loader.css?ver=
autowp-ai-content-writer-rewriter/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
autowp-ai-content-writer-rewriter
Data Attributes
data-autowp-modal-target
JS Globals
autowp_toggle_nonce
autowp_settings
FAQ

Frequently Asked Questions about AutoWP – AI Content Writer & Rewriter