ChatPress.ai – The Simplest AI Chatbot for Your Website Security & Risk Analysis

wordpress.org/plugins/chatpress-ai

ChatPress is the simplest way to add AI to your site: One plugin. One API key. Live in under 10 minutes.

40 active installs · v1.3.4 · PHP 8.1+ · WP 6.1+ · Updated Jan 28, 2026
Tags: artificial-intelligence, chat, chat-gpt, chatbot, chatgpt
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ChatPress.ai – The Simplest AI Chatbot for Your Website Safe to Use in 2026?

Generally Safe

Score 100/100

ChatPress.ai – The Simplest AI Chatbot for Your Website has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The 'chatpress-ai' v1.3.4 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries, properly escaping all output, and having no recorded vulnerabilities in its history. The absence of known CVEs and common vulnerability types suggests a diligent approach to security by the developers. However, there are significant areas of concern that detract from its overall security.

The static analysis reveals a considerable attack surface: 34 REST API routes, 5 of which lack any permission callback. This means that sensitive functionality exposed via these routes could potentially be accessed and exploited by unauthenticated users. Furthermore, the presence of an `unserialize` call is a red flag, as it can lead to deserialization vulnerabilities if used with untrusted input. No nonce checks were found on AJAX handlers, although no AJAX handlers were detected; nonce verification is a general good practice that is missing. The plugin also makes external HTTP requests, which, depending on their implementation, could be a vector for further attacks.

While the plugin's vulnerability history is clean, this does not negate the risks identified in the static analysis. The lack of permission checks on multiple REST API endpoints is a direct and immediate security risk that needs to be addressed. The presence of `unserialize` also warrants careful scrutiny. The plugin's strengths lie in its database query hygiene and output escaping, but these are overshadowed by the exposed REST API endpoints and the potential for unserialization vulnerabilities.

Key Concerns

  • REST API routes without permission callbacks
  • Presence of 'unserialize' function
  • No nonce checks on AJAX handlers
Vulnerabilities
None known

ChatPress.ai – The Simplest AI Chatbot for Your Website Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ChatPress.ai – The Simplest AI Chatbot for Your Website Release Timeline

v1.3.4 (Current)
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.0
v1.1.0
Code Analysis
Analyzed Mar 16, 2026

ChatPress.ai – The Simplest AI Chatbot for Your Website Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (16 escaped)
Nonce Checks: 0
Capability Checks: 7
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$maybe = @unserialize($value);` (classes\class-add-pages-routes.php:186)

Output Escaping

100% escaped (16 total outputs)

Attack Surface
5 unprotected

ChatPress.ai – The Simplest AI Chatbot for Your Website Attack Surface

Entry Points: 34
Unprotected: 5

REST API Routes 34

GET /wp-json/cpai/v1/get-page-ids (classes\class-add-pages-routes.php:17)
GET /wp-json/cpai/v1/get-post-ids (classes\class-add-pages-routes.php:22)
GET /wp-json/cpai/v1/get-custom-post-ids (classes\class-add-pages-routes.php:27)
GET /wp-json/cpai/v1/get-page-post-ids (classes\class-add-pages-routes.php:32)
GET /wp-json/cpai/v1/initial-pages-posts (classes\class-add-pages-routes.php:37)
GET /wp-json/cpai/v1/initial-custom-posts (classes\class-add-pages-routes.php:43)
GET /wp-json/cpai/v1/pages (classes\class-add-pages-routes.php:49)
GET /wp-json/cpai/v1/posts (classes\class-add-pages-routes.php:55)
GET /wp-json/cpai/v1/custom-posts (classes\class-add-pages-routes.php:61)
GET /wp-json/cpai/v1/post-types (classes\class-add-pages-routes.php:67)
GET /wp-json/cpai/v1/get-product-ids (classes\class-add-pages-routes.php:74)
GET /wp-json/cpai/v1/products (classes\class-add-pages-routes.php:79)
GET /wp-json/cpai/v1/store (classes\class-add-pages-routes.php:84)
GET /wp-json/cpai/v1/added-products (classes\class-add-pages-routes.php:89)
GET /wp-json/cpai/v1/pages-access-enabled (classes\class-add-pages-routes.php:98)
GET /wp-json/cpai/v1/get-page-content/(?P<page_id>\d+) (classes\class-add-pages-routes.php:103)
GET /wp-json/cpai/v1/settings (classes\class-create-settings-routes.php:17)
GET /wp-json/cpai/v1/settings/api_key (classes\class-create-settings-routes.php:22)
POST /wp-json/cpai/v1/settings/api_key (classes\class-create-settings-routes.php:27)
POST /wp-json/cpai/v1/settings/chatbot_created (classes\class-create-settings-routes.php:32)
POST /wp-json/cpai/v1/settings/pages_added (classes\class-create-settings-routes.php:38)
POST /wp-json/cpai/v1/settings/update_page_ids (classes\class-create-settings-routes.php:44)
POST /wp-json/cpai/v1/settings/update_posts_ids (classes\class-create-settings-routes.php:50)
POST /wp-json/cpai/v1/settings/update_custom_posts_ids (classes\class-create-settings-routes.php:56)
POST /wp-json/cpai/v1/settings/reset (classes\class-create-settings-routes.php:62)
POST /wp-json/cpai/v1/settings/restore (classes\class-create-settings-routes.php:68)
POST /wp-json/cpai/v1/settings/products_added (classes\class-create-settings-routes.php:74)
POST /wp-json/cpai/v1/settings/update_product_ids (classes\class-create-settings-routes.php:80)
POST /wp-json/cpai/v1/settings/delete-chatbot (classes\class-create-settings-routes.php:86)
GET /wp-json/cpai/v1/refresh-nonce (classes\class-create-settings-routes.php:92)
GET /wp-json/cpai/v1/wc-access-enabled (classes\class-create-wc-routes.php:16)
GET /wp-json/cpai/v1/get-wc-products (classes\class-create-wc-routes.php:21)
POST /wp-json/cpai/v1/publish-chatbot (classes\class-publish-chatbot.php:14)
GET /wp-json/cpai/v1/unpublish-chatbot (classes\class-publish-chatbot.php:19)

WordPress Hooks 8

action admin_menu (ChatPress.php:20)
action admin_enqueue_scripts (ChatPress.php:39)
action admin_enqueue_scripts (ChatPress.php:40)
action rest_api_init (classes\class-add-pages-routes.php:12)
action rest_api_init (classes\class-create-settings-routes.php:12)
action rest_api_init (classes\class-create-wc-routes.php:11)
action rest_api_init (classes\class-publish-chatbot.php:9)
action wp_enqueue_scripts (classes\class-publish-chatbot.php:10)

Maintenance & Trust

ChatPress.ai – The Simplest AI Chatbot for Your Website Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 28, 2026
PHP min version: 8.1
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 40

Developer Profile

ChatPress.ai – The Simplest AI Chatbot for Your Website Developer Profile

chatpress

2 plugins · 40 total installs

Trust score: 91
Avg Security Score: 96/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ChatPress.ai – The Simplest AI Chatbot for Your Website

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/chatpress-ai/build/index.css
/wp-content/plugins/chatpress-ai/build/index.js
Script Paths
https://chatpress.ai/embed/

HTML / DOM Fingerprints

Data Attributes
data-wp-element
data-wp-data
JS Globals
appLocalizer
REST Endpoints
/cpai/v1/publish-chatbot
/cpai/v1/unpublish-chatbot
/cpai/v1/get-page-ids
/cpai/v1/get-post-ids
/cpai/v1/get-custom-post-ids

FAQ

Frequently Asked Questions about ChatPress.ai – The Simplest AI Chatbot for Your Website