Bot On Site Security & Risk Analysis
wordpress.org/plugins/bot-on-siteOfficial BOS plugin: one-click connect to embed your AI assistant; optional manual key; status endpoint and cache-purge helpers.
Is Bot On Site Safe to Use in 2026?
Generally Safe
Score 100/100Bot On Site has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'bot-on-site' v1.0.0 plugin exhibits a generally strong security posture, with several positive indicators. Notably, the absence of dangerous functions, file operations, external HTTP requests, and the complete utilization of prepared statements for SQL queries are commendable practices. All output is properly escaped, and the plugin benefits from a clean vulnerability history with no recorded CVEs, suggesting a commitment to secure development or a lack of past exploitable issues.
However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This represents a direct, unprotected entry point into the plugin, which could potentially be leveraged by unauthenticated users. While taint analysis shows no immediate critical or high-severity issues, this unprotected AJAX endpoint warrants careful consideration as it bypasses standard WordPress security mechanisms like nonces and capability checks.
In conclusion, 'bot-on-site' v1.0.0 demonstrates good coding hygiene in most areas. The lack of known vulnerabilities and secure handling of sensitive operations like SQL are strengths. Nevertheless, the single unprotected AJAX endpoint is a clear weakness that introduces an unnecessary risk of unauthorized access or execution of plugin functions.
Key Concerns
- Unprotected AJAX handler
Bot On Site Security Vulnerabilities
Bot On Site Release Timeline
Bot On Site Code Analysis
Output Escaping
Bot On Site Attack Surface
AJAX Handlers 1
WordPress Hooks 10
Maintenance & Trust
Bot On Site Maintenance & Trust
Maintenance Signals
Community Trust
Bot On Site Alternatives
Gapify AI Customer Communication
gapify-ai-customer-communication
AI-powered customer support and chat widget. Automate responses, increase sales, and provide 24/7 customer service with Gapify's intelligent chatbot.
Ajentrix AI Agent
ajentrix-ai-agent
Integrate powerful AI agents into your WordPress website with voice and text chat capabilities powered by Ajentrix.
BorgHive Chatbot
borghive-chatbot
Integrate the BorgHive AI chatbot on your WordPress site in seconds — no coding required.
ChatStack AI Chatbot
chatstack-ai-chatbot
Easily embed your AI chatbot in WordPress. Train on your content and provide 24/7 customer support.
ComturkAI Automated AI Chatbot for Web
comturkai-automated-ai-chatbot-for-web
Add an AI-powered chatbot to your WordPress site that automatically learns from your content and answers visitor questions instantly.
Bot On Site Developer Profile
1 plugin · 0 total installs
How We Detect Bot On Site
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/bot-on-site/assets/admin.css/wp-content/plugins/bot-on-site/assets/admin.jshttps://cdn.botonsite.com/v1/bos.jsbot-on-site/assets/admin.css?ver=bot-on-site/assets/admin.js?ver=HTML / DOM Fingerprints
data-keyBOS_OFFICIAL/wp-json/bos-official/v1