Kognetiks Chatbot for WordPress Security & Risk Analysis

wordpress.org/plugins/chatbot-chatgpt

Quiet proof that your website is working. Turn real visitor conversations into clear insight, automatically. No dashboards. No guesswork.

900 active installs v2.4.6 PHP + WP + Updated Feb 13, 2026
Tags: ai, chat, chatgpt, insights, reporting
Score: 83 (B · Generally Safe)
CVEs total: 9
Unpatched: 0
Last CVE: Oct 17, 2025
Safety Verdict

Is Kognetiks Chatbot for WordPress Safe to Use in 2026?

Mostly Safe

Score 83/100

Kognetiks Chatbot for WordPress is generally safe to use. 9 past CVEs were resolved. Keep it updated.

9 known CVEs · Last CVE: Oct 17, 2025 · Updated 1mo ago
Risk Assessment

The "chatbot-chatgpt" v2.4.6 plugin exhibits a mixed security posture. While it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output, significant concerns arise from its attack surface and historical vulnerability patterns. The presence of 10 AJAX handlers without authentication checks represents a substantial risk, as it creates direct entry points for unauthenticated attackers to potentially exploit. Furthermore, the taint analysis revealing 7 high severity flows indicates potential for sensitive data manipulation or execution of unintended actions when user input is not properly sanitized. The plugin's history of 9 known CVEs, including 2 critical ones, and the recurrence of common vulnerability types like Improper Authorization and Cross-Site Scripting suggest a pattern of exploitable weaknesses that require ongoing vigilance. Despite the current lack of unpatched vulnerabilities and the presence of numerous capability and nonce checks, the inherent risks from unprotected entry points and past security failures warrant careful consideration.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Total known CVEs
  • Critical severity CVEs
  • Bundled Freemius v1.0 library
  • Dangerous function: unserialize
Vulnerabilities
9

Kognetiks Chatbot for WordPress Security Vulnerabilities

CVEs by Year

2024: 8 CVEs
2025: 1 CVE

Severity Breakdown

Critical: 2
Medium: 7

9 total CVEs

CVE-2025-11256 · medium · 5.3 · Improper Authorization
Kognetiks Chatbot <= 2.3.5 - Missing Authorization to Unauthenticated Limited File Uploads and Conversation Erasing
Oct 17, 2025 · Patched in 2.3.6 (1d)

CVE-2024-10530 · medium · 4.3 · Missing Authorization
Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Addition
Nov 12, 2024 · Patched in 2.1.8 (1d)

CVE-2024-10531 · medium · 5.3 · Missing Authorization
Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Update
Nov 12, 2024 · Patched in 2.1.8 (1d)

CVE-2024-10684 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Kognetiks Chatbot for WordPress <= 2.1.7 - Reflected Cross-Site Scripting
Nov 12, 2024 · Patched in 2.1.8 (1d)

CVE-2024-11143 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Kognetiks Chatbot for WordPress <= 2.1.8 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification
Nov 12, 2024 · Patched in 2.1.9 (1d)

CVE-2024-10529 · medium · 5.3 · Missing Authorization
Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Deletion
Nov 12, 2024 · Patched in 2.1.8 (1d)

CVE-2024-35738 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Kognetiks Chatbot for WordPress <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Jun 6, 2024 · Patched in 1.9.9 (7d)

CVE-2024-32700 · critical · 10 · Unrestricted Upload of File with Dangerous Type
Kognetiks Chatbot for WordPress <= 2.0.0 - Unauthenticated Arbitrary File Upload
May 13, 2024 · Patched in 2.0.1 (5d)

CVE-2024-4560 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type
Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function
May 10, 2024 · Patched in 2.0.0 (1d)

Code Analysis
Analyzed Mar 16, 2026

Kognetiks Chatbot for WordPress Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 64 (191 prepared)
Unescaped Output: 226 (2302 escaped)
Nonce Checks: 46
Capability Checks: 43
File Operations: 95
External Requests: 67
Bundled Libraries: 1

Dangerous Functions Found

unserialize · $embeddings = unserialize($serialized); · includes\transformers\lexical-context-model.php:334
unserialize · $embeddings = unserialize($serialized); · includes\transformers\lexical-context-model.php:347

Bundled Libraries

Freemius 1.0

SQL Query Safety

75% prepared · 255 total queries

Output Escaping

91% escaped · 2528 total outputs
Data Flows
15 unsanitized

Data Flow Analysis

25 flows · 15 with unsanitized paths
chatbot_chatgpt_shortcode (includes\chatbot-shortcode.php:17)
Attack Surface
10 unprotected

Kognetiks Chatbot for WordPress Attack Surface

Entry Points: 37
Unprotected: 10

AJAX Handlers 32

auth · wp_ajax_chatbot_chatgpt_send_message · chatbot-chatgpt.php:2626
nopriv · wp_ajax_chatbot_chatgpt_send_message · chatbot-chatgpt.php:2627
auth · wp_ajax_chatbot_chatgpt_refresh_nonce · chatbot-chatgpt.php:2629
nopriv · wp_ajax_chatbot_chatgpt_refresh_nonce · chatbot-chatgpt.php:2630
auth · wp_ajax_chatbot_chatgpt_get_queue_status · chatbot-chatgpt.php:2632
nopriv · wp_ajax_chatbot_chatgpt_get_queue_status · chatbot-chatgpt.php:2633
auth · wp_ajax_chatbot_chatgpt_upload_files · chatbot-chatgpt.php:2635
auth · wp_ajax_chatbot_chatgpt_upload_mp3 · chatbot-chatgpt.php:2637
auth · wp_ajax_chatbot_chatgpt_erase_conversation · chatbot-chatgpt.php:2639
nopriv · wp_ajax_chatbot_chatgpt_erase_conversation · chatbot-chatgpt.php:2640
auth · wp_ajax_chatbot_chatgpt_unlock_conversation · chatbot-chatgpt.php:2642
auth · wp_ajax_chatbot_chatgpt_reset_all_locks · chatbot-chatgpt.php:2644
auth · wp_ajax_chatbot_chatgpt_reset_cache_locks · chatbot-chatgpt.php:2646
auth · wp_ajax_chatbot_chatgpt_read_aloud · chatbot-chatgpt.php:2648
auth · wp_ajax_chatbot_chatgpt_download_transcript · chatbot-chatgpt.php:2650
auth · wp_ajax_chatbot_chatgpt_read_aloud · includes\chatbot-call-openai-api-tts.php:325
nopriv · wp_ajax_chatbot_chatgpt_read_aloud · includes\chatbot-call-openai-api-tts.php:326
auth · wp_ajax_log_chatbot_error · includes\settings\chatbot-settings-diagnostics.php:677
nopriv · wp_ajax_log_chatbot_error · includes\settings\chatbot-settings-diagnostics.php:678
auth · wp_ajax_chatbot_chatgpt_test_conversation_digest · includes\settings\chatbot-settings-reporting.php:1540
auth · wp_ajax_chatbot_chatgpt_test_insights_email · includes\settings\chatbot-settings-reporting.php:1592
auth · wp_ajax_mistral_update_assistant · includes\utilities\chatbot-agents-mistral.php:522
auth · wp_ajax_mistral_delete_assistant · includes\utilities\chatbot-agents-mistral.php:556
auth · wp_ajax_mistral_add_new_assistant · includes\utilities\chatbot-agents-mistral.php:621
auth · wp_ajax_azure_update_assistant · includes\utilities\chatbot-assistants-azure.php:516
auth · wp_ajax_azure_delete_assistant · includes\utilities\chatbot-assistants-azure.php:547
auth · wp_ajax_azure_add_new_assistant · includes\utilities\chatbot-assistants-azure.php:611
auth · wp_ajax_update_assistant · includes\utilities\chatbot-assistants.php:494
auth · wp_ajax_delete_assistant · includes\utilities\chatbot-assistants.php:523
auth · wp_ajax_add_new_assistant · includes\utilities\chatbot-assistants.php:585
auth · wp_ajax_chatbot_chatgpt_download_transcript · includes\utilities\chatbot-download-transcript.php:65
nopriv · wp_ajax_chatbot_chatgpt_download_transcript · includes\utilities\chatbot-download-transcript.php:66

REST API Routes 1

GET · /wp-json/assistant/v1/search · includes\utilities\chatbot-assisted-search.php:19

Shortcodes 4

[chatbot_chatgpt_history] includes\utilities\chatbot-conversation-history.php:308
[chatbot_conversation] includes\utilities\chatbot-conversation-history.php:309
[chat_history] includes\utilities\chatbot-conversation-history.php:310
[chatbot_chatgpt_short_code_tester] tools\chatbot-shortcode-tester-tool.php:60

WordPress Hooks 116

action · init · chatbot-chatgpt.php:124
action · admin_init · chatbot-chatgpt.php:387
action · fs_after_account_plan_sync_chatbot-chatgpt · chatbot-chatgpt.php:435
action · fs_after_license_change_chatbot-chatgpt · chatbot-chatgpt.php:439
action · after_premium_version_activation · chatbot-chatgpt.php:445
action · after_uninstall · chatbot-chatgpt.php:449
action · admin_enqueue_scripts · chatbot-chatgpt.php:900
action · upgrader_process_complete · chatbot-chatgpt.php:908
action · wp_enqueue_scripts · chatbot-chatgpt.php:1041
action · wp_enqueue_scripts · chatbot-chatgpt.php:1068
action · admin_enqueue_scripts · chatbot-chatgpt.php:1083
action · chatbot_chatgpt_cleanup_event · chatbot-chatgpt.php:1089
action · chatbot_chatgpt_conversation_log_cleanup_event · chatbot-chatgpt.php:1094
action · init · chatbot-chatgpt.php:2594
action · admin_menu · chatbot-chatgpt.php:2607
action · wp_enqueue_scripts · chatbot-chatgpt.php:3026
action · admin_enqueue_scripts · chatbot-chatgpt.php:3041
action · wp_head · includes\appearance\chatbot-settings-appearance-body.php:57
action · wp_head · includes\appearance\chatbot-settings-appearance-body.php:89
action · delete_azure_uploaded_file · includes\chatbot-call-azure-api-assistant.php:999
action · delete_uploaded_file · includes\chatbot-call-openai-api-assistant.php:1398
action · chatbot_chatgpt_delete_audio_file · includes\chatbot-call-openai-api-tts.php:386
action · chatbot_chatgpt_cleanup_audio_files · includes\chatbot-call-openai-api-tts.php:403
action · init · includes\chatbot-shortcode.php:1243
action · wp_footer · includes\chatbot-shortcode.php:1366
action · wp_dashboard_setup · includes\dashboard\chatbot-chatgpt-dashboard-widget.php:29
filter · cron_schedules · includes\insights\automated-emails.php:1102
action · kognetiks_insights_send_proof_of_value_email_hook · includes\insights\automated-emails.php:1340
action · admin_init · includes\insights\automated-emails.php:1343
action · kognetiks_insights_automated_scoring · includes\insights\scoring-models\sentiment-analysis.php:305
action · chatbot_kn_acquire_controller · includes\knowledge-navigator\chatbot-kn-acquire-controller.php:101
action · admin_post_chatbot_chatgpt_kn_analysis_download_csv · includes\knowledge-navigator\chatbot-kn-analysis.php:77
action · knowledge_navigator_scan_hook · includes\knowledge-navigator\chatbot-kn-scheduler.php:42
action · admin_init · includes\knowledge-navigator\chatbot-kn-settings.php:188
action · chatbot_markov_chain_next_batch · includes\markov-chain\chatbot-markov-chain-encode.php:198
action · chatbot_markov_chain_scheduler_hook · includes\markov-chain\chatbot-markov-chain-scheduler.php:47
action · chatbot_markov_chain_scan_hook · includes\markov-chain\chatbot-markov-chain-scheduler.php:69
filter · cron_schedules · includes\markov-chain\chatbot-markov-chain-scheduler.php:135
action · admin_init · includes\settings\chatbot-settings-api-anthropic.php:319
action · admin_init · includes\settings\chatbot-settings-api-azure-assistants.php:200
action · admin_init · includes\settings\chatbot-settings-api-azure.php:861
action · admin_init · includes\settings\chatbot-settings-api-deepseek.php:331
action · admin_init · includes\settings\chatbot-settings-api-google.php:364
action · admin_init · includes\settings\chatbot-settings-api-local.php:340
action · admin_init · includes\settings\chatbot-settings-api-mistral-agents.php:210
action · admin_init · includes\settings\chatbot-settings-api-mistral.php:331
action · admin_init · includes\settings\chatbot-settings-api-nvidia.php:320
action · admin_init · includes\settings\chatbot-settings-api-openai-assistants.php:210
action · updated_option · includes\settings\chatbot-settings-api-test.php:854
action · admin_init · includes\settings\chatbot-settings-appearance.php:354
action · wp_footer · includes\settings\chatbot-settings-appearance.php:475
action · admin_init · includes\settings\chatbot-settings-avatar.php:206
action · admin_init · includes\settings\chatbot-settings-buttons.php:117
action · admin_init · includes\settings\chatbot-settings-diagnostics.php:154
action · admin_notices · includes\settings\chatbot-settings-diagnostics.php:709
action · admin_init · includes\settings\chatbot-settings-general.php:591
filter · plugin_row_meta · includes\settings\chatbot-settings-links.php:39
action · admin_init · includes\settings\chatbot-settings-markov-chain.php:346
action · admin_menu · includes\settings\chatbot-settings-menus.php:18
action · admin_menu · includes\settings\chatbot-settings-menus.php:76
action · admin_notices · includes\settings\chatbot-settings-notices.php:24
action · admin_notices · includes\settings\chatbot-settings-notices.php:61
action · admin_init · includes\settings\chatbot-settings-notices.php:72
action · admin_init · includes\settings\chatbot-settings-notices.php:140
action · admin_init · includes\settings\chatbot-settings-notices.php:174
action · admin_init · includes\settings\chatbot-settings-notices.php:217
action · admin_notices · includes\settings\chatbot-settings-notices.php:410
action · admin_notices · includes\settings\chatbot-settings-notices.php:504
action · admin_init · includes\settings\chatbot-settings-notices.php:537
action · admin_init · includes\settings\chatbot-settings-registration-api.php:276
action · admin_init · includes\settings\chatbot-settings-registration-kn.php:195
action · admin_init · includes\settings\chatbot-settings-registration.php:23
action · admin_init · includes\settings\chatbot-settings-reporting.php:196
action · chatbot_chatgpt_delete_chart · includes\settings\chatbot-settings-reporting.php:1038
action · admin_post_chatbot_chatgpt_download_conversation_data · includes\settings\chatbot-settings-reporting.php:1410
action · admin_post_chatbot_chatgpt_download_interactions_data · includes\settings\chatbot-settings-reporting.php:1411
action · admin_post_chatbot_chatgpt_download_token_usage_data · includes\settings\chatbot-settings-reporting.php:1412
action · update_option_chatbot_chatgpt_conversation_digest_enabled · includes\settings\chatbot-settings-reporting.php:1765
action · update_option_chatbot_chatgpt_conversation_digest_frequency · includes\settings\chatbot-settings-reporting.php:1775
action · update_option_chatbot_chatgpt_insights_email_enabled · includes\settings\chatbot-settings-reporting.php:1838
action · update_option_chatbot_chatgpt_insights_email_frequency · includes\settings\chatbot-settings-reporting.php:1861
action · admin_init · includes\settings\chatbot-settings-reporting.php:1960
action · admin_notices · includes\settings\chatbot-settings-reporting.php:1976
action · admin_init · includes\settings\chatbot-settings-support.php:31
action · admin_init · includes\settings\chatbot-settings-tools.php:88
action · admin_post_chatbot_transformer_model_rebuild_cache · includes\settings\chatbot-settings-transformers.php:577
action · admin_init · includes\settings\chatbot-settings-transformers.php:579
action · chatbot_transformer_model_scheduler_hook · includes\transformers\transformer-model-scheduler.php:63
action · chatbot_transformer_model_scan_hook · includes\transformers\transformer-model-scheduler.php:129
action · admin_footer · includes\utilities\chatbot-agents-mistral.php:458
action · admin_footer · includes\utilities\chatbot-assistants-azure.php:455
action · admin_footer · includes\utilities\chatbot-assistants.php:435
action · rest_api_init · includes\utilities\chatbot-assisted-search.php:17
action · kognetiks_insights_send_conversation_digest_email_hook · includes\utilities\chatbot-conversation-digest.php:219
action · chatbot_chatgpt_conversation_log_cleanup_event · includes\utilities\chatbot-db-management.php:475
action · admin_notices · includes\utilities\chatbot-deactivate.php:38
action · chatbot_chatgpt_cleanup_transcript_files · includes\utilities\chatbot-download-transcript.php:83
action · chatbot_chatgpt_cleanup_download_files · includes\utilities\chatbot-file-download.php:109
action · chatbot_chatgpt_cleanup_upload_files · includes\utilities\chatbot-file-upload.php:667
action · kognetiks_insights_send_email · includes\utilities\chatbot-helper-functions.php:201
action · admin_init · includes\utilities\chatbot-keyguard.php:318
action · chatbot_chatgpt_freemius_loaded · includes\utilities\chatbot-vendor-management.php:79
filter · show_admin_notice · includes\utilities\chatbot-vendor-management.php:115
filter · show_deactivation_feedback_form · includes\utilities\chatbot-vendor-management.php:174
filter · show_deactivation_subscription_cancellation · includes\utilities\chatbot-vendor-management.php:175
action · admin_head · includes\utilities\chatbot-vendor-management.php:183
action · admin_init · includes\utilities\chatbot-vendor-management.php:221
action · admin_post_download_log · tools\chatbot-manage-error-logs.php:372
action · admin_post_delete_log · tools\chatbot-manage-error-logs.php:373
action · admin_post_delete_all_logs · tools\chatbot-manage-error-logs.php:374
action · admin_post_fix_permissions · tools\chatbot-manage-error-logs.php:375
action · admin_post_chatbot_chatgpt_download_options_data · tools\chatbot-options-exporter.php:133
action · init · tools\chatbot-shortcode-tester-tool.php:62
action · admin_post_download_widget_log · widgets\chatbot-manage-widget-logs.php:197
action · admin_post_delete_widget_log · widgets\chatbot-manage-widget-logs.php:198
action · admin_post_delete_all_widget_logs · widgets\chatbot-manage-widget-logs.php:199

Scheduled Events 38

chatbot_chatgpt_cleanup_event
chatbot_chatgpt_conversation_log_cleanup_event
chatbot_chatgpt_cleanup_transcript_files
chatbot_chatgpt_cleanup_audio_files
chatbot_chatgpt_cleanup_upload_files
chatbot_chatgpt_cleanup_download_files
delete_azure_uploaded_file
delete_azure_uploaded_file
delete_azure_uploaded_file
delete_uploaded_file
delete_uploaded_file
delete_uploaded_file
chatbot_chatgpt_delete_audio_file
kognetiks_insights_send_proof_of_value_email_hook
kognetiks_insights_automated_scoring
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_kn_acquire_controller
chatbot_markov_chain_next_batch
chatbot_markov_chain_scan_hook
chatbot_markov_chain_scan_hook
chatbot_chatgpt_delete_chart
chatbot_transformer_model_scan_hook
chatbot_transformer_model_scan_hook
chatbot_transformer_model_scan_hook
kognetiks_insights_send_conversation_digest_email_hook
chatbot_chatgpt_conversation_log_cleanup_event
Maintenance & Trust

Kognetiks Chatbot for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 13, 2026
PHP min version
Downloads: 66K

Community Trust

Rating: 90/100
Number of ratings: 22
Active installs: 900
Developer Profile

Kognetiks Chatbot for WordPress Developer Profile

kognetiks

3 plugins · 910 total installs

Trust score: 96
Avg Security Score: 94/100
Avg Patch Time: 2 days
Detection Fingerprints

How We Detect Kognetiks Chatbot for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/chatbot-chatgpt/css/frontend.css
  • /wp-content/plugins/chatbot-chatgpt/js/frontend.js
Script Paths
  • /wp-content/plugins/chatbot-chatgpt/js/frontend.js
Version Parameters
  • chatbot-chatgpt/css/frontend.css?ver=
  • chatbot-chatgpt/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • kognetiks-chatbot-container
  • kognetiks-chat-message
  • kognetiks-chat-bubble
  • kognetiks-user-message
  • kognetiks-assistant-message
  • kognetiks-input-area
  • kognetiks-send-button
HTML Comments
  • DO NOT REMOVE THIS IF, IT IS ESSENTIAL FOR THE
  • function_exists CALL ABOVE TO PROPERLY WORK.
  • Start output buffering earlier to prevent "headers already sent" issues - Ver 2.1.8
  • Assign a unique ID to the visitor and logged-in users - Ver 2.0.4
  • +27 more
Data Attributes
  • kognetiks_unique_id
JS Globals
  • chatbot_chatgpt_plugin_version
  • chatbot_chatgpt_plugin_dir_path
  • chatbot_chatgpt_plugin_dir_url
  • session_id
  • user_id
FAQ

Frequently Asked Questions about Kognetiks Chatbot for WordPress