BuddyBot – OpenAI Assistants, AI Chatbots and Support Agents for WordPress Security & Risk Analysis

wordpress.org/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent

Discover AI Chatbots for WordPress, the only plugin built on native OpenAI assistants. Explore a new, different way to chat!

100 active installs · v1.6.5.0 · PHP 7.3+ · WP 6.2+ · Updated Sep 19, 2025
Tags: ai, ai-assistant, chatbot, openai
Score: 100 (Grade A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BuddyBot – OpenAI Assistants, AI Chatbots and Support Agents for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

BuddyBot – OpenAI Assistants, AI Chatbots and Support Agents for WordPress has no known CVEs and was updated within the last six months. On vulnerability history and maintenance signals alone it is a solid choice for most WordPress installations; note, however, that the score is built from those signals only, and the static analysis further down flags every AJAX handler and REST route as lacking access-control checks, which matters on any site with untrusted registered users.

No known CVEs · Updated 6 months ago
Risk Assessment

The "buddybot-ai-custom-ai-assistant-and-chat-agent" plugin exhibits a concerning security posture because of the number of unprotected entry points. Static analysis found 56 entry points (54 AJAX handlers and 2 REST routes) and flagged all of them as lacking nonce, capability or permission checks. Of the AJAX handlers, 48 are registered on wp_ajax_ hooks, which WordPress fires for any logged-in user regardless of role, and 6 on wp_ajax_nopriv_ hooks, which are reachable without logging in. The taint analysis adds 4 high-severity flows with unsanitized paths: request data that reaches a dangerous sink without passing through a sanitizer, which is the precondition for an injection bug. The plugin does well on SQL query preparation (57 of 61 queries prepared) and output escaping (571 of 781 outputs escaped), but those strengths are outweighed by the absence of access control on its attack surface.

The vulnerability history is clean, with no known CVEs or past advisories. With roughly 100 active installs, the likelier explanation is that the plugin has attracted little research attention rather than that it has been hardened, so the absence of history does not offset the findings of the static analysis. The unprotected AJAX handlers and REST routes are the critical weakness, and the high-severity taint flows compound it. Balanced against the good query preparation and escaping, the priority is clear: add nonce and capability checks to every admin-side AJAX handler, permission callbacks to both REST routes, session binding and rate limiting on the public chat handlers, and sanitization on the flagged input paths.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High severity unsanitized paths in taint analysis
  • Missing nonce checks on AJAX handlers
  • Missing capability checks on AJAX handlers
  • Missing permission callbacks on REST API routes
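An added example, not BuddyBot's code, showing the pattern the Key Concerns describe and how to close it: an AJAX handler that trusts the request outright, beside a hardened version with the nonce, capability and sanitization checks the handlers inventoried under Attack Surface are reported to lack; a list handler that sanitizes a searchBar-style parameter (the input name flagged under Data Flow Analysis) before it reaches a query; and a REST route that supplies the permission_callback both routes are reported to be missing. All hook names, option keys and the table name are hypothetical; the WordPress functions are real.

```php
<?php
// Added example (not BuddyBot's code). Hook names, option keys and the table
// name are hypothetical; every WordPress function used here is real.

// BEFORE: reachable by any logged-in user (wp_ajax_) and by anyone at all
// (wp_ajax_nopriv_), with no nonce, no capability check and no sanitization.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_unprotected' );
add_action( 'wp_ajax_nopriv_example_save_settings', 'example_save_settings_unprotected' );
function example_save_settings_unprotected() {
    update_option( 'example_api_key', $_POST['api_key'] ); // raw, unchecked
    wp_send_json_success();
}

// AFTER: logged-in hook only, nonce, capability, sanitized input.
add_action( 'wp_ajax_example_save_settings_v2', 'example_save_settings_hardened' );
function example_save_settings_hardened() {
    // 1. CSRF: the nonce is issued with wp_create_nonce( 'example_admin' ) and handed
    //    to the browser via wp_localize_script(); a missing or stale one dies with 403.
    check_ajax_referer( 'example_admin', 'nonce' );

    // 2. Authorization: being logged in is not enough; a subscriber must not get here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Sanitize before the value touches storage.
    $api_key = isset( $_POST['api_key'] ) ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) ) : '';
    if ( '' === $api_key ) {
        wp_send_json_error( array( 'message' => 'api_key required' ), 400 );
    }
    update_option( 'example_api_key', $api_key );
    wp_send_json_success( array( 'saved' => true ) );
}

// Conversation list: same three checks, plus a prepared LIKE query scoped to the
// current user so one account cannot enumerate another account's conversations.
add_action( 'wp_ajax_example_list_conversations', 'example_list_conversations' );
function example_list_conversations() {
    global $wpdb;
    check_ajax_referer( 'example_chat', 'nonce' );
    if ( ! current_user_can( 'read' ) ) { // any logged-in role; rows are then scoped per user
        wp_send_json_error( array( 'message' => 'login required' ), 401 );
    }
    // The search term is the kind of input the taint analysis flags: strip tags and
    // control characters, then escape LIKE metacharacters before it enters the query.
    $search = isset( $_POST['searchBar'] ) ? sanitize_text_field( wp_unslash( $_POST['searchBar'] ) ) : '';
    $like   = '%' . $wpdb->esc_like( $search ) . '%';
    $table  = $wpdb->prefix . 'example_conversations'; // hypothetical table
    $rows   = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, title FROM {$table} WHERE user_id = %d AND title LIKE %s ORDER BY id DESC LIMIT %d",
            get_current_user_id(),
            $like,
            20
        ),
        ARRAY_A
    );
    // Escape on output: the caller renders the title into HTML.
    $out = array();
    foreach ( $rows as $row ) {
        $out[] = array( 'id' => (int) $row['id'], 'title' => esc_html( $row['title'] ) );
    }
    wp_send_json_success( $out );
}

// REST: a route registered without permission_callback is served as public
// (WordPress 5.5+ only logs a _doing_it_wrong notice). Always supply one, even
// when the deliberate answer is __return_true.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/api-key-status', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => function ( WP_REST_Request $request ) {
            return rest_ensure_response( array( 'configured' => '' !== get_option( 'example_api_key', '' ) ) );
        },
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );
```

Two caveats for the public (wp_ajax_nopriv_) chat handlers listed under Attack Surface: a nonce issued to a logged-out visitor defends against CSRF but not against abuse, so thread identifiers should be bound to the visitor's session cookie and calls rate-limited, since every message becomes an outbound OpenAI request billed to the site owner. And a plain wp_ajax_ hook fires for every logged-in role, so login is never an authorization check on its own; pair it with current_user_can() or with a per-user ownership constraint in the query, as above.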
Vulnerabilities
None known

BuddyBot – OpenAI Assistants, AI Chatbots and Support Agents for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BuddyBot – OpenAI Assistants, AI Chatbots and Support Agents for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (57 prepared)
Unescaped Output: 210 (571 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 1
External Requests: 45
Bundled Libraries: 0

SQL Query Safety

93% prepared (57 of 61 queries)

Output Escaping

73% escaped (571 of 781 outputs)
Data Flows
49 unsanitized

Data Flow Analysis

25 flows, 49 with unsanitized paths
searchBar (admin\html\views\chatbot.php:62)
Attack Surface
56 unprotected

BuddyBot – OpenAI Assistants, AI Chatbots and Support Agents for WordPress Attack Surface

Entry Points: 56
Unprotected: 56

AJAX Handlers (54)

Type "auth" means the action is registered on wp_ajax_{action}, which fires only for logged-in users; "nopriv" means wp_ajax_nopriv_{action}, which fires for unauthenticated requests.

Type    Hook                                    Handler location
auth    wp_ajax_addFile                         admin\responses\addfile.php:87
auth    wp_ajax_deleteAssistant                 admin\responses\assistants.php:122
auth    wp_ajax_getAssistants                   admin\responses\assistants.php:123
auth    wp_ajax_deleteBuddyBot                  admin\responses\chatbot.php:99
auth    wp_ajax_savePaginationLimit             admin\responses\chatbot.php:100
auth    wp_ajax_deleteConversation              admin\responses\conversations.php:89
auth    wp_ajax_saveConversationLimit           admin\responses\conversations.php:90
auth    wp_ajax_getModels                       admin\responses\editchatbot.php:467
auth    wp_ajax_saveBuddyBot                    admin\responses\editchatbot.php:468
auth    wp_ajax_getAssistantData                admin\responses\editchatbot.php:469
auth    wp_ajax_selectAssistantModal            admin\responses\editchatbot.php:470
auth    wp_ajax_selectedAssistant               admin\responses\editchatbot.php:471
auth    wp_ajax_deleteOrgFile                   admin\responses\orgfiles.php:120
auth    wp_ajax_getOrgFiles                     admin\responses\orgfiles.php:121
auth    wp_ajax_createThread                    admin\responses\playground.php:309
auth    wp_ajax_createMessage                   admin\responses\playground.php:310
auth    wp_ajax_listMessages                    admin\responses\playground.php:311
auth    wp_ajax_deleteThread                    admin\responses\playground.php:312
auth    wp_ajax_buddybotStream                  admin\responses\playground.php:313
auth    wp_ajax_buddybotSendPluginFeedback      admin\responses\pluginfeedback.php:62
auth    wp_ajax_getOptions                      admin\responses\settings.php:320
auth    wp_ajax_saveSettings                    admin\responses\settings.php:321
auth    wp_ajax_verifyApiKey                    admin\responses\settings.php:322
auth    wp_ajax_checkVectorStore                admin\responses\settings.php:323
auth    wp_ajax_checkAllVectorStore             admin\responses\settings.php:324
auth    wp_ajax_autoCreateVectorStore           admin\responses\settings.php:325
auth    wp_ajax_createVectorStore               admin\responses\vectorstore.php:779
auth    wp_ajax_getVectorStore                  admin\responses\vectorstore.php:780
auth    wp_ajax_retrieveVectorStore             admin\responses\vectorstore.php:781
auth    wp_ajax_deleteVectorStore               admin\responses\vectorstore.php:782
auth    wp_ajax_checkFileStatusOnVectorStoreJs  admin\responses\vectorstore.php:783
auth    wp_ajax_isBbFileWritable                admin\responses\vectorstore.php:784
auth    wp_ajax_addDataToFile                   admin\responses\vectorstore.php:785
auth    wp_ajax_transferDataFile                admin\responses\vectorstore.php:786
auth    wp_ajax_getFiles                        admin\responses\vectorstore.php:787
auth    wp_ajax_deleteOldFiles                  admin\responses\vectorstore.php:788
auth    wp_ajax_displayVectorStoreName          admin\responses\vectorstore.php:789
auth    wp_ajax_uploadFileIdsOnVectorStore      admin\responses\vectorstore.php:790
auth    wp_ajax_getVectorStoreFiles             admin\responses\vectorstore.php:791
auth    wp_ajax_deleteVectorStoreDatabase       admin\responses\vectorstore.php:792
auth    wp_ajax_listConversation                admin\responses\viewconversation.php:161
auth    wp_ajax_getRelatedConversationMsg       admin\responses\viewconversation.php:162
auth    wp_ajax_deleteConversation              admin\responses\viewconversation.php:163
auth    wp_ajax_getConversationList             frontend\responses\buddybotchat.php:447
auth    wp_ajax_getMessages                     frontend\responses\buddybotchat.php:448
auth    wp_ajax_sendUserMessage                 frontend\responses\buddybotchat.php:449
auth    wp_ajax_deleteFrontendThread            frontend\responses\buddybotchat.php:450
auth    wp_ajax_buddybotStream                  frontend\responses\buddybotchat.php:451
nopriv  wp_ajax_getConversationList             frontend\responses\buddybotchat.php:453
nopriv  wp_ajax_getMessages                     frontend\responses\buddybotchat.php:454
nopriv  wp_ajax_sendUserMessage                 frontend\responses\buddybotchat.php:455
nopriv  wp_ajax_deleteFrontendThread            frontend\responses\buddybotchat.php:456
nopriv  wp_ajax_setCookieSession                frontend\responses\buddybotchat.php:457
nopriv  wp_ajax_buddybotStream                  frontend\responses\buddybotchat.php:458

REST API Routes (2)

GET  /wp-json/buddybot/v1/buddybots       blocks\gutenbergblocks.php:27
GET  /wp-json/buddybot/v1/api-key-status  blocks\gutenbergblocks.php:37
WordPress Hooks (12)

action  admin_menu                     admin\adminmenu.php:260
action  admin_menu                     admin\adminmenu.php:261
action  admin_enqueue_scripts          admin\adminmenu.php:264
action  admin_footer                   admin\adminmenu.php:265
action  buddybot_delete_expired_chats  admin\responses\settings.php:326
action  init                           admin\stylesheets.php:62
action  rest_api_init                  blocks\gutenbergblocks.php:169
action  enqueue_block_editor_assets    blocks\gutenbergblocks.php:170
action  init                           blocks\gutenbergblocks.php:171
action  init                           buddybot.php:51
action  wp_login                       frontend\sessions.php:28
action  wp_enqueue_scripts             frontend\shortcodes.php:99

Scheduled Events (1)

buddybot_delete_expired_chats
Maintenance & Trust

BuddyBot – OpenAI Assistants, AI Chatbots and Support Agents for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 19, 2025
PHP min version: 7.3
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

BuddyBot – OpenAI Assistants, AI Chatbots and Support Agents for WordPress Developer Profile

buddybot

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BuddyBot – OpenAI Assistants, AI Chatbots and Support Agents for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/ BuddyBot.css
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/app.css
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/bootstrap.min.css
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/icons.css
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/spinner.css
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/buddybot-app.js
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/ BuddyBot.js
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/app.js
+5 more

Script Paths
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/buddybot-app.js
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/ BuddyBot.js
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/app.js
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/bootstrap.min.js
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/components.js
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/main.js
+2 more

Version Parameters
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/ BuddyBot.css?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/app.css?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/bootstrap.min.css?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/icons.css?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/spinner.css?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/buddybot-app.js?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/ BuddyBot.js?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/app.js?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/bootstrap.min.js?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/components.js?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/main.js?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/plugins.min.js?ver=
/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/sweetalert.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
buddybot-chat-wrapper, buddybot-chat-message, buddybot-chat-input, buddybot-ai-response, buddybot-user-message, buddybot-header, buddybot-settings-form, buddybot-playground-container, +3 more

HTML Comments
<!-- Blocks-------- -->, <!-- Admin Code-------- -->, <!-- Public Code-------- -->, <!-- Main Menu-->, +7 more

Data Attributes
data-buddybot-chat-id, data-buddybot-message-type, data-buddybot-session-id, data-buddybot-input-element

JS Globals
window.BuddyBotApp, window.buddybot_settings, window.buddybot_chat_data, window.buddybot_session_id, window.buddybot_nonce

REST Endpoints
/wp-json/buddybot/v1/chat, /wp-json/buddybot/v1/settings, /wp-json/buddybot/v1/conversations, /wp-json/buddybot/v1/vectorstore
(Note: the code analysis above found only /buddybots and /api-key-status registered under buddybot/v1, so treat these four paths as unverified fingerprints rather than confirmed routes.)

Shortcode Output
[buddybot-chat], [buddybot-conversation]
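An added example, not the scanner's code, that applies the fingerprints above to a fetched page: a PHP function that looks for the plugin's asset directory, pulls the version from the ?ver= parameter and counts the DOM and JavaScript markers before deciding. The HTML sample is constructed for the example, and the function name and the two-weak-signals rule are the example's own.

```php
<?php
// Added example (not the scanner's or the plugin's code): apply the fingerprints
// listed on this page to an HTML document. Function name, decision rule and the
// sample document are the example's own.

const BB_SLUG = 'buddybot-ai-custom-ai-assistant-and-chat-agent';

/**
 * Returns array( 'detected' => bool, 'version' => string|null, 'signals' => array ).
 */
function bb_fingerprint( string $html ): array {
    $result = array( 'detected' => false, 'version' => null, 'signals' => array() );

    // 1. Asset paths under the plugin directory: the strongest single signal.
    $asset_re = '#/wp-content/plugins/' . preg_quote( BB_SLUG, '#' ) . '/assets/[^"\'\s>]+#i';
    if ( preg_match_all( $asset_re, $html, $m ) ) {
        $result['signals']['asset_paths'] = array_values( array_unique( $m[0] ) );
        // 2. Version: wp_enqueue_script/style append ?ver=<version> to the asset URL.
        foreach ( $m[0] as $url ) {
            if ( preg_match( '/[?&]ver=([0-9][0-9.]*)/', $url, $v ) ) {
                $result['version'] = $v[1];
                break;
            }
        }
    }

    // 3. Weaker DOM / JS markers, one pattern per fingerprint family on this page.
    $markers = array(
        'css_class'  => '/\bbuddybot-(?:chat-wrapper|chat-message|chat-input|ai-response|user-message|header|settings-form|playground-container)\b/',
        'data_attr'  => '/\bdata-buddybot-(?:chat-id|message-type|session-id|input-element)\b/',
        'js_global'  => '/\bwindow\.(?:BuddyBotApp|buddybot_(?:settings|chat_data|session_id|nonce))\b/',
        'shortcode'  => '/\[buddybot-(?:chat|conversation)\]/',
        'rest_route' => '#/wp-json/buddybot/v1/#',
    );
    foreach ( $markers as $name => $re ) {
        if ( preg_match( $re, $html ) ) {
            $result['signals'][ $name ] = true;
        }
    }

    // Decision: an asset path is decisive on its own; otherwise require two of the
    // weaker markers so a theme that reuses one class name is not a false positive.
    $weak = 0;
    foreach ( $result['signals'] as $name => $_ ) {
        if ( 'asset_paths' !== $name ) {
            $weak++;
        }
    }
    $result['detected'] = isset( $result['signals']['asset_paths'] ) || $weak >= 2;

    return $result;
}

// Constructed sample page, not captured from a real site.
$sample = <<<'HTML'
<link rel="stylesheet" href="https://example.test/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/css/app.css?ver=1.6.5.0">
<script src="https://example.test/wp-content/plugins/buddybot-ai-custom-ai-assistant-and-chat-agent/assets/js/buddybot-app.js?ver=1.6.5.0"></script>
<div class="buddybot-chat-wrapper" data-buddybot-session-id="s1"></div>
<script>window.buddybot_nonce = "abc";</script>
HTML;

$r = bb_fingerprint( $sample );
printf(
    "detected=%s version=%s signals=%s\n",
    $r['detected'] ? 'yes' : 'no',
    $r['version'] ?? 'unknown',
    implode( ',', array_keys( $r['signals'] ) )
);
```

The ?ver= value is whatever version string the plugin passed to the enqueue call; plugins that omit it get the WordPress core version instead, so treat the extracted value as a hint and confirm it against the plugin's readme.txt (Stable tag) if that file is served from the plugin directory.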
FAQ

Frequently Asked Questions about BuddyBot – OpenAI Assistants, AI Chatbots and Support Agents for WordPress