AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) Security & Risk Analysis

wordpress.org/plugins/axiachat-ai

The best AI Chatbot for WordPress. Like having ChatGPT trained on your content — turn your site into a 24/7 sales & support machine.

1K active installs · v4.1.5 · PHP 7.4+ · WP 5.0+ · Updated Apr 15, 2026
Tags: ai-chatbot, chatgpt, customer-support, google-gemini, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) Safe to Use in 2026?

Generally Safe

Score 100/100

AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "axiachat-ai" v4.1.5 plugin presents a mixed security posture. While it demonstrates strong adherence to secure coding practices with near-perfect output escaping and exclusively using prepared statements for SQL queries, significant concerns arise from its attack surface. A large number of AJAX handlers (97 total) with a substantial portion (43) lacking authentication checks represents a critical vulnerability vector. The taint analysis further highlights this, revealing 16 high-severity flows with unsanitized paths, indicating potential for exploitation when combined with the unprotected AJAX endpoints.

The plugin's vulnerability history is clean, with no recorded CVEs. This might suggest diligent development or a lack of targeted analysis. However, the presence of critical code signals like `set_time_limit`, `shell_exec`, and `ini_set` alongside the identified taint issues warrants caution, as these functions can be misused if exposed. The bundled Freemius library at v1.0 should also be checked against known vulnerabilities in older versions of that library.

In conclusion, while the plugin excels in secure SQL handling and output sanitization, the substantial number of unprotected AJAX endpoints coupled with high-severity unsanitized taint flows creates a significant risk. The absence of historical vulnerabilities is positive but should not overshadow the current, actively identified risks in the codebase. Addressing the unprotected AJAX handlers and reviewing the identified taint flows are paramount for improving the plugin's security.

Key Concerns

  • Large attack surface without auth checks (AJAX)
  • High severity unsanitized taint flows
  • Dangerous functions found (shell_exec, ini_set)
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
None known

AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) Release Timeline

v4.1.5 (Current)
v4.1.4
v4.1.3
v4.1.2
v4.1.1
v4.1.0
v4.0.2
v3.1.5
v3.0.9
v3.0.8
v3.0.7
v3.0.6
v3.0.5
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v2.0.9
v2.0.8
v2.0.7
Code Analysis
Analyzed Apr 16, 2026

AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) Code Analysis

Dangerous Functions: 9
Raw SQL Queries: 1 (474 prepared)
Unescaped Output: 19 (2717 escaped)
Nonce Checks: 87
Capability Checks: 83
File Operations: 4
External Requests: 40
Bundled Libraries: 1

Dangerous Functions Found

  • set_time_limit: `set_time_limit( 120 ); // phpcs:ignore` (includes/add-ons/web-scraper/admin-ajax.php:174)
  • shell_exec: `$out = @shell_exec('command -v pdftotext 2>/dev/null');` (includes/contexto-pdf-ajax.php:197)
  • shell_exec: `$out = @shell_exec('where pdftotext 2>NUL');` (includes/contexto-pdf-ajax.php:200)
  • shell_exec: `$out = @shell_exec($cmd);` (includes/contexto-pdf-ajax.php:207)
  • shell_exec: `$out=@shell_exec('command -v '.escapeshellcmd($bin).' 2>/dev/null');` (includes/contexto-pdf-template.php:103)
  • shell_exec: `$out=@shell_exec('where '.escapeshellcmd($bin).' 2>NUL');` (includes/contexto-pdf-template.php:105)
  • shell_exec: `$content = @shell_exec( $cmd );` (includes/easy-config.php:880)
  • set_time_limit: `@set_time_limit( 300 ); // 5 minutes` (includes/pdf-ai-vision.php:104)
  • ini_set: `@ini_set( 'memory_limit', '512M' );` (includes/pdf-ai-vision.php:106)

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 475 total queries

Output Escaping

99% escaped · 2736 total outputs
Data Flows · Security
19 unsanitized

Data Flow Analysis

25 flows · 19 with unsanitized paths
aichat_leads_gsheets_oauth_callback (includes/add-ons/leads/loader.php:398)
Attack Surface
43 unprotected

AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) Attack Surface

Entry Points: 98
Unprotected: 43

AJAX Handlers 97

auth wp_ajax_aichat_get_log_tail axiachat-ai.php:369
auth wp_ajax_aichat_download_log axiachat-ai.php:389
auth wp_ajax_aichat_clear_log axiachat-ai.php:419
auth wp_ajax_aichat_export_diagnostics axiachat-ai.php:440
auth wp_ajax_aichat_save_dialog_strings axiachat-ai.php:2284
auth wp_ajax_aichat_load_dialog_strings axiachat-ai.php:2309
auth wp_ajax_aichat_tools_get_rules includes/add-ons/ai-tools/admin-ajax.php:7
auth wp_ajax_aichat_tools_save_rules includes/add-ons/ai-tools/admin-ajax.php:20
auth wp_ajax_aichat_tools_get_bot_tools includes/add-ons/ai-tools/admin-ajax.php:36
auth wp_ajax_aichat_tools_save_bot_tools includes/add-ons/ai-tools/admin-ajax.php:52
auth wp_ajax_aichat_tools_get_capability_settings includes/add-ons/ai-tools/admin-ajax.php:74
auth wp_ajax_aichat_tools_save_capability_settings includes/add-ons/ai-tools/admin-ajax.php:85
auth wp_ajax_aichat_tools_list_all_tools includes/add-ons/ai-tools/admin-ajax.php:120
auth wp_ajax_aichat_tools_run_tool includes/add-ons/ai-tools/admin-ajax.php:138
auth wp_ajax_aichat_appointments_save_settings includes/add-ons/appointments/admin-ajax.php:15
auth wp_ajax_aichat_appointments_gcal_disconnect includes/add-ons/appointments/admin-ajax.php:128
auth wp_ajax_aichat_appointments_get includes/add-ons/appointments/admin-ajax.php:148
auth wp_ajax_aichat_appointments_update_status includes/add-ons/appointments/admin-ajax.php:171
auth wp_ajax_aichat_appointments_cancel includes/add-ons/appointments/admin-ajax.php:197
auth wp_ajax_aichat_appointments_update includes/add-ons/appointments/admin-ajax.php:226
auth wp_ajax_aichat_appointments_calendar includes/add-ons/appointments/admin-ajax.php:278
auth wp_ajax_aichat_leads_save_settings includes/add-ons/leads/admin-ajax.php:15
auth wp_ajax_aichat_leads_save_email_template includes/add-ons/leads/admin-ajax.php:65
auth wp_ajax_aichat_leads_get_lead includes/add-ons/leads/admin-ajax.php:87
auth wp_ajax_aichat_leads_update_status includes/add-ons/leads/admin-ajax.php:119
auth wp_ajax_aichat_leads_delete includes/add-ons/leads/admin-ajax.php:148
auth wp_ajax_aichat_leads_bulk_delete includes/add-ons/leads/admin-ajax.php:176
auth wp_ajax_aichat_leads_export includes/add-ons/leads/admin-ajax.php:203
auth wp_ajax_aichat_leads_get_cf7_fields includes/add-ons/leads/admin-ajax.php:231
auth wp_ajax_aichat_leads_get_wpforms_fields includes/add-ons/leads/admin-ajax.php:232
auth wp_ajax_aichat_leads_gsheets_disconnect includes/add-ons/leads/admin-ajax.php:233
auth wp_ajax_aichat_leads_gsheets_test includes/add-ons/leads/admin-ajax.php:234
auth wp_ajax_aichat_leads_gsheets_save includes/add-ons/leads/admin-ajax.php:235
auth wp_ajax_aichat_lead_lists_get includes/add-ons/leads/admin-ajax.php:341
auth wp_ajax_aichat_lead_lists_get_one includes/add-ons/leads/admin-ajax.php:362
auth wp_ajax_aichat_lead_lists_create includes/add-ons/leads/admin-ajax.php:390
auth wp_ajax_aichat_lead_lists_update includes/add-ons/leads/admin-ajax.php:414
auth wp_ajax_aichat_lead_lists_delete includes/add-ons/leads/admin-ajax.php:443
auth wp_ajax_aichat_lead_form_submit includes/add-ons/leads/admin-ajax.php:551
nopriv wp_ajax_aichat_lead_form_submit includes/add-ons/leads/admin-ajax.php:552
auth wp_ajax_aichat_webscraper_fetch_urls includes/add-ons/web-scraper/admin-ajax.php:22
auth wp_ajax_aichat_webscraper_crawl_site includes/add-ons/web-scraper/admin-ajax.php:23
auth wp_ajax_aichat_bots_list includes/bots_ajax.php:12
auth wp_ajax_aichat_bot_create includes/bots_ajax.php:13
auth wp_ajax_aichat_bot_update includes/bots_ajax.php:14
auth wp_ajax_aichat_bot_reset includes/bots_ajax.php:15
auth wp_ajax_aichat_bot_delete includes/bots_ajax.php:16
auth wp_ajax_aichat_process_message includes/class-aichat-ajax.php:36
nopriv wp_ajax_aichat_process_message includes/class-aichat-ajax.php:37
auth wp_ajax_aichat_get_history includes/class-aichat-ajax.php:38
nopriv wp_ajax_aichat_get_history includes/class-aichat-ajax.php:39
auth wp_ajax_aichat_process_context includes/contexto-ajax-create.php:46
auth wp_ajax_aichat_load_items includes/contexto-ajax-create.php:525
auth wp_ajax_aichat_modify_list_documents includes/contexto-ajax-modify.php:18
auth wp_ajax_aichat_modify_view_document includes/contexto-ajax-modify.php:154
auth wp_ajax_aichat_modify_save_document includes/contexto-ajax-modify.php:263
auth wp_ajax_aichat_modify_remove_documents includes/contexto-ajax-modify.php:424
auth wp_ajax_aichat_modify_add_documents includes/contexto-ajax-modify.php:550
auth wp_ajax_aichat_modify_load_items includes/contexto-ajax-modify.php:772
auth wp_ajax_aichat_load_contexts includes/contexto-ajax-settings.php:10
auth wp_ajax_aichat_update_context_name includes/contexto-ajax-settings.php:30
auth wp_ajax_aichat_delete_context includes/contexto-ajax-settings.php:70
auth wp_ajax_aichat_update_progress includes/contexto-ajax-settings.php:90
auth wp_ajax_aichat_search_context_chunks includes/contexto-ajax-settings.php:108
auth wp_ajax_aichat_get_context_meta includes/contexto-ajax-settings.php:152
auth wp_ajax_aichat_autosync_run_now includes/contexto-ajax-settings.php:192
auth wp_ajax_aichat_browse_context_chunks includes/contexto-ajax-settings.php:350
auth wp_ajax_aichat_get_indexing_options includes/contexto-ajax-settings.php:452
auth wp_ajax_aichat_save_indexing_options includes/contexto-ajax-settings.php:471
auth wp_ajax_aichat_admin_upload_file includes/contexto-pdf-ajax.php:436
auth wp_ajax_aichat_list_uploads includes/contexto-pdf-ajax.php:549
auth wp_ajax_aichat_parse_upload includes/contexto-pdf-ajax.php:587
auth wp_ajax_aichat_get_chunks_for_upload includes/contexto-pdf-ajax.php:611
auth wp_ajax_aichat_delete_upload includes/contexto-pdf-ajax.php:638
auth wp_ajax_aichat_easycfg_get_data includes/easy-config.php:141
auth wp_ajax_aichat_easycfg_preview_prompt includes/easy-config.php:157
auth wp_ajax_aichat_easycfg_discover includes/easy-config.php:183
auth wp_ajax_aichat_easycfg_create_context includes/easy-config.php:528
auth wp_ajax_aichat_easycfg_index_batch includes/easy-config.php:694
auth wp_ajax_aichat_easycfg_index_text includes/easy-config.php:718
auth wp_ajax_aichat_easycfg_upload_file includes/easy-config.php:744
auth wp_ajax_aichat_easycfg_save_api_key includes/easy-config.php:1091
auth wp_ajax_aichat_easycfg_status includes/easy-config.php:1127
auth wp_ajax_aichat_easycfg_save_bot includes/easy-config.php:1152
auth wp_ajax_aichat_easycfg_save_global_bot includes/easy-config.php:1359
auth wp_ajax_aichat_dismiss_provider_errors includes/error-tracking.php:158
auth wp_ajax_aichat_upload_file includes/file-upload-ajax.php:21
nopriv wp_ajax_aichat_upload_file includes/file-upload-ajax.php:22
auth wp_ajax_aichat_training_save_instructions includes/training-ajax.php:22
auth wp_ajax_aichat_training_save_context_sources includes/training-ajax.php:23
auth wp_ajax_aichat_training_set_bot_context includes/training-ajax.php:24
auth wp_ajax_aichat_training_save_advanced includes/training-ajax.php:25
auth wp_ajax_aichat_training_get_context_stats includes/training-ajax.php:26
auth wp_ajax_aichat_get_usage_summary includes/usage-ajax.php:4
auth wp_ajax_aichat_get_usage_timeseries includes/usage-ajax.php:5
auth wp_ajax_aichat_get_last_conversations includes/usage-ajax.php:6
auth wp_ajax_aichat_get_monthly_summary includes/usage-ajax.php:7

Shortcodes 1

[aichat] includes/shortcode.php:38
WordPress Hooks 81
filter load_script_translation_file axiachat-ai.php:105
action init axiachat-ai.php:705
action init axiachat-ai.php:889
action plugins_loaded axiachat-ai.php:956
action init axiachat-ai.php:983
action admin_init axiachat-ai.php:1131
action admin_menu axiachat-ai.php:1321
action admin_enqueue_scripts axiachat-ai.php:1494
action template_redirect axiachat-ai.php:1842
action template_redirect axiachat-ai.php:1890
filter show_admin_bar axiachat-ai.php:1900
filter body_class axiachat-ai.php:1904
action wp_enqueue_scripts axiachat-ai.php:1912
action wp_footer axiachat-ai.php:1930
action admin_init axiachat-ai.php:1936
action admin_post_aichat_delete_conversation axiachat-ai.php:1965
filter init axiachat-ai.php:2088
action init axiachat-ai.php:2226
action init includes/add-ons/ai-tools/api.php:96
action plugins_loaded includes/add-ons/ai-tools/api.php:102
action aichat_tool_registered includes/add-ons/ai-tools/api.php:105
filter aichat_openai_responses_tools includes/add-ons/ai-tools/api.php:157
filter aichat_gemini_tools includes/add-ons/ai-tools/api.php:231
filter aichat_messages_before_provider includes/add-ons/ai-tools/api.php:334
filter aichat_claude_messages_tools includes/add-ons/ai-tools/api.php:359
action init includes/add-ons/ai-tools/tools-sample.php:28
action admin_enqueue_scripts includes/add-ons/appointments/admin-ajax.php:325
action admin_init includes/add-ons/appointments/admin-settings.php:286
action init includes/add-ons/appointments/integration.php:21
action init includes/add-ons/appointments/loader.php:47
action admin_init includes/add-ons/appointments/loader.php:79
action admin_menu includes/add-ons/appointments/loader.php:105
action admin_init includes/add-ons/appointments/loader.php:137
action aichat_appointments_send_reminders includes/add-ons/appointments/loader.php:153
action plugins_loaded includes/add-ons/leads/adapters/class-adapter-cf7.php:173
action init includes/add-ons/leads/adapters/class-adapter-cpt.php:24
action plugins_loaded includes/add-ons/leads/adapters/class-adapter-wpforms.php:218
action aichat_daily_cleanup includes/add-ons/leads/class-leads-manager.php:1272
action init includes/add-ons/leads/integration.php:25
filter aichat_openai_responses_tools includes/add-ons/leads/integration.php:172
filter aichat_claude_messages_tools includes/add-ons/leads/integration.php:173
filter aichat_gemini_tools includes/add-ons/leads/integration.php:174
filter aichat_response_data includes/add-ons/leads/integration.php:370
filter aichat_system_prompt_additions includes/add-ons/leads/integration.php:619
action admin_menu includes/add-ons/leads/loader.php:72
action admin_enqueue_scripts includes/add-ons/leads/loader.php:75
action aichat_after_tables_created includes/add-ons/leads/loader.php:326
action aichat_after_tables_created includes/add-ons/leads/loader.php:327
action aichat_after_tables_created includes/add-ons/leads/loader.php:328
action admin_init includes/add-ons/leads/loader.php:331
action admin_init includes/add-ons/leads/loader.php:397
action admin_notices includes/add-ons/leads/loader.php:410
action admin_notices includes/add-ons/leads/loader.php:429
action admin_notices includes/add-ons/leads/loader.php:441
filter cron_schedules includes/aichat-cron.php:14
action aichat_process_embeddings_batch includes/aichat-cron.php:292
action aichat_cron_process_contexts includes/aichat-cron.php:367
filter cron_schedules includes/aichat-cron.php:381
action aichat_autosync_hourly includes/aichat-cron.php:491
action aichat_cleanup_tool_states includes/aichat-cron.php:513
action wp_enqueue_scripts includes/class-aichat-core.php:35
action wp_footer includes/class-aichat-core.php:36
action admin_enqueue_scripts includes/contexto-functions.php:7
action admin_init includes/contexto-functions.php:122
action init includes/contexto-pdf-ajax.php:10
action admin_enqueue_scripts includes/contexto-pdf-template.php:11
filter cron_schedules includes/email-alerts.php:28
action admin_init includes/email-alerts.php:43
action aichat_conversation_saved includes/email-alerts.php:80
action aichat_email_alerts_cron includes/email-alerts.php:111
action admin_menu includes/error-tracking.php:195
action admin_notices includes/error-tracking.php:284
filter wp_image_editors includes/file-upload-ajax.php:386
action after_uninstall includes/freemius-init.php:74
filter support_forum_url includes/freemius-init.php:79
action admin_init includes/settings.php:151
filter pre_update_option_aichat_global_bot_enabled includes/settings.php:370
filter pre_update_option_aichat_global_bot_slug includes/settings.php:378
filter aichat_widget_footer includes/shortcode.php:11
action init includes/shortcode.php:37
action admin_enqueue_scripts includes/usage.php:206

Scheduled Events 4

aichat_appointments_send_reminders
aichat_cron_process_contexts
aichat_autosync_hourly
aichat_cleanup_tool_states
Maintenance & Trust

AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Apr 15, 2026
PHP min version: 7.4
Downloads: 21K

Community Trust

Rating: 100/100
Number of ratings: 12
Active installs: 1K
Developer Profile

AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) Developer Profile

Esteban

4 plugins · 4K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect AxiaChat AI – Free AI Chatbot (Answers Customers Automatically)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/axiachat-ai/assets/css/components.css
  • /wp-content/plugins/axiachat-ai/assets/css/style.css
  • /wp-content/plugins/axiachat-ai/assets/js/axios.min.js
  • /wp-content/plugins/axiachat-ai/assets/js/axios.min.js.map
  • /wp-content/plugins/axiachat-ai/assets/js/chunks/chunk.js
  • /wp-content/plugins/axiachat-ai/assets/js/chunks/chunk.js.map
  • /wp-content/plugins/axiachat-ai/assets/js/main.js
  • /wp-content/plugins/axiachat-ai/assets/js/main.js.map
  • +2 more
Script Paths
  • /wp-content/plugins/axiachat-ai/assets/js/axios.min.js
  • /wp-content/plugins/axiachat-ai/assets/js/chunks/chunk.js
  • /wp-content/plugins/axiachat-ai/assets/js/main.js
  • /wp-content/plugins/axiachat-ai/assets/js/vendors.js
Version Parameters
  • /wp-content/plugins/axiachat-ai/assets/css/components.css?ver=
  • /wp-content/plugins/axiachat-ai/assets/css/style.css?ver=
  • /wp-content/plugins/axiachat-ai/assets/js/axios.min.js?ver=
  • /wp-content/plugins/axiachat-ai/assets/js/chunks/chunk.js?ver=
  • /wp-content/plugins/axiachat-ai/assets/js/main.js?ver=
  • /wp-content/plugins/axiachat-ai/assets/js/vendors.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • axiachat-ai-container
  • axiachat-ai-widget
  • axiachat-ai-message-sent
  • axiachat-ai-message-received
HTML Comments
  • <!-- AICHAT_PLUGIN_DIR -->
  • <!-- AICHAT_PLUGIN_URL -->
  • <!-- AICHAT_VERSION -->
  • <!-- Chatbot Interface -->
  • +1 more
Data Attributes
  • data-ai-chat-widget
  • data-ai-chat-message-type
  • data-ai-chat-message-content
JS Globals
  • window.axiachat_ai_config
Shortcode Output
  • [axiachat_ai_chat]
  • [axiachat_ai_chat_widget]