WP-Safety

Bubblibot – GPT-5 Chatbot for WordPress Security & Risk Analysis

wordpress.org/plugins/bubblibot

AI-powered chatbot with GPT-5 support that learns from your content to provide instant, accurate answers to visitor questions.

0 active installs v1.1.1 PHP 8.0+ WP 5.8+ Updated Unknown
ai-chatbotchatbotchatgptcustomer-supportlive-chat
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Bubblibot – GPT-5 Chatbot for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Bubblibot – GPT-5 Chatbot for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The bubblibot plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by heavily utilizing prepared statements for SQL queries (84%) and ensuring a high percentage of output is properly escaped (95%). The plugin also has no recorded vulnerability history, suggesting a potentially stable codebase. However, the significant number of AJAX handlers, with a concerning 8 out of 15 lacking authentication checks, presents a substantial attack surface. This means that eight entry points are potentially accessible to unauthenticated users, which could lead to unauthorized actions if those handlers perform sensitive operations.

The taint analysis reveals one flow with an unsanitized path, identified as high severity. While the static analysis did not flag any dangerous functions or raw SQL without prepared statements, this high-severity unsanitized path flow is a critical concern. It suggests that data processed by this flow could be manipulated in a malicious way, potentially leading to vulnerabilities like path traversal or arbitrary file read/write, despite the general good practices observed elsewhere in the code. The absence of known CVEs is encouraging, but the presence of an unsanitized path in the taint analysis and the numerous unprotected AJAX handlers warrant immediate attention.

Key Concerns

  • 8 AJAX handlers without auth checks
  • 1 high severity taint flow with unsanitized paths
Vulnerabilities
None known

Bubblibot – GPT-5 Chatbot for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Bubblibot – GPT-5 Chatbot for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
15
81 prepared
Unescaped Output
11
201 escaped
Nonce Checks
9
Capability Checks
7
File Operations
4
External Requests
3
Bundled Libraries
0

SQL Query Safety

84% prepared96 total queries

Output Escaping

95% escaped212 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
handle_verify_api_key_ajax (includes\class-admin.php:1813)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Bubblibot – GPT-5 Chatbot for WordPress Attack Surface

Entry Points15
Unprotected8

AJAX Handlers 15

authwp_ajax_bubblibot_reindexincludes\class-admin.php:19
authwp_ajax_bubblibot_check_progressincludes\class-admin.php:20
authwp_ajax_bubblibot_refresh_debug_logincludes\class-admin.php:21
authwp_ajax_bubblibot_send_lead_formincludes\class-admin.php:30
noprivwp_ajax_bubblibot_send_lead_formincludes\class-admin.php:31
authwp_ajax_bubblibot_send_agent_messageincludes\class-admin.php:34
authwp_ajax_bubblibot_get_conversation_messagesincludes\class-admin.php:35
authwp_ajax_bubblibot_update_conversation_statusincludes\class-admin.php:36
authwp_ajax_bubblibot_check_agent_statusincludes\class-admin.php:37
authwp_ajax_bubblibot_get_new_messagesincludes\class-admin.php:38
authwp_ajax_bubblibot_update_lead_statusincludes\class-admin.php:39
authwp_ajax_bubblibot_verify_api_keyincludes\class-admin.php:40
authwp_ajax_bubblibot_clear_api_verificationincludes\class-admin.php:41
authwp_ajax_bubblibot_messageincludes\class-frontend.php:56
noprivwp_ajax_bubblibot_messageincludes\class-frontend.php:57
WordPress Hooks 21
actionadmin_noticesbubblibot.php:92
actionplugins_loadedbubblibot.php:143
actionwp_after_insert_postbubblibot.php:169
actionsave_postbubblibot.php:170
actiondelete_postbubblibot.php:171
actionadd_attachmentbubblibot.php:174
actiondelete_attachmentbubblibot.php:175
actionbubblibot_initial_indexbubblibot.php:269
actionadmin_noticesbubblibot.php:276
actionadmin_menuincludes\class-admin.php:16
actionadmin_initincludes\class-admin.php:17
actionadmin_enqueue_scriptsincludes\class-admin.php:18
actionadmin_noticesincludes\class-admin.php:24
actionadmin_action_bubblibot_migrate_dbincludes\class-admin.php:27
actionwp_enqueue_scriptsincludes\class-frontend.php:39
actionwp_footerincludes\class-frontend.php:40
actionwp_headincludes\class-frontend.php:41
filterthe_contentincludes\class-frontend.php:44
actionwp_headincludes\class-frontend.php:47
actionwp_footerincludes\class-frontend.php:48
actionwp_headincludes\class-frontend.php:67

Scheduled Events 1

bubblibot_initial_index
Maintenance & Trust

Bubblibot – GPT-5 Chatbot for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedUnknown
PHP min version8.0
Downloads243

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Bubblibot – GPT-5 Chatbot for WordPress Alternatives

Social Intents – Live Chat

Social Intents – Live Chat

live-chat-support-by-social-intents

B
78

AI Chatbot & Live Chat plugin for WordPress. Chat with visitors using ChatGPT, Claude, Gemini, Slack, Teams, and Google Chat.

400 1 unpatched
Vitxi Converse – Intelligent AI chatbot for Social Media

Vitxi Converse – Intelligent AI chatbot for Social Media

vitxi-converse

A
100

Intelligent AI chatbot that manages your social media customer service, providing instant, 24/7 support to your followers.

0 No CVEs
MxChat – AI Chatbot & Content Generation for WordPress

MxChat – AI Chatbot & Content Generation for WordPress

mxchat-basic

A
98

The best free AI chatbot and content generation plugin for WordPress. Train ChatGPT, Claude, Gemini, or Grok on your website content.

1K 2 CVEs
AI Chatbot for WordPress by Customerly

AI Chatbot for WordPress by Customerly

customerly

A
85

AI Chatbot to support customers, create engaging messages and send automated emails.

400 No CVEs
ILACHAT – AI Chatbot & Live Chat

ILACHAT – AI Chatbot & Live Chat

ilachat

A
100

AI-powered chatbot and live chat for WordPress & WooCommerce. Boost support, sales, and lead capture with real-time data.

200 No CVEs
Developer Profile

Bubblibot – GPT-5 Chatbot for WordPress Developer Profile

plugnify

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Bubblibot – GPT-5 Chatbot for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bubblibot/assets/css/bubblibot-frontend.css/wp-content/plugins/bubblibot/assets/js/bubblibot-frontend.js/wp-content/plugins/bubblibot/assets/css/bubblibot-admin.css/wp-content/plugins/bubblibot/assets/js/bubblibot-admin.js
Generator Patterns
Bubblibot AI Chatbot
Script Paths
/wp-content/plugins/bubblibot/assets/js/bubblibot-frontend.js/wp-content/plugins/bubblibot/assets/js/bubblibot-admin.js
Version Parameters
bubblibot/assets/css/bubblibot-frontend.css?ver=bubblibot/assets/js/bubblibot-frontend.js?ver=bubblibot/assets/css/bubblibot-admin.css?ver=bubblibot/assets/js/bubblibot-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
bubblibot-chat-widgetbubblibot-messagebubblibot-input
HTML Comments
Bubblibot Chatbot WidgetBubblibot Admin Settings
Data Attributes
data-bubblibot-api-keydata-bubblibot-modeldata-bubblibot-welcome-message
JS Globals
window.bubblibotConfigvar bubblibot_ajax_object
REST Endpoints
/wp-json/bubblibot/v1/chat/wp-json/bubblibot/v1/index_status
Shortcode Output
[bubblibot_chat_widget]
FAQ

Frequently Asked Questions about Bubblibot – GPT-5 Chatbot for WordPress