WP-Safety

ContentBot AI Writer (ChatGPT, GPT4) Security & Risk Analysis

wordpress.org/plugins/content-bot

Get ideas, inspiration, and content in a few clicks with our AI Writer. All content is unique and original. Simply tweak it and go.

600 active installs v1.2.4 PHP 5.6+ WP 3.8+ Updated Sep 4, 2024
ai-contentai-writerartificial-intelligencechatgptgpt4
71
B · Generally Safe
CVEs total1
Unpatched1
Last CVEApr 1, 2025
Plugin page Download
Safety Verdict

Is ContentBot AI Writer (ChatGPT, GPT4) Safe to Use in 2026?

Mostly Safe

Score 71/100

ContentBot AI Writer (ChatGPT, GPT4) is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Apr 1, 2025Updated 1yr ago
Risk Assessment

The "content-bot" v1.2.4 plugin exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a decent number of nonce checks, significant concerns exist regarding its attack surface and output escaping. The presence of two REST API routes without permission callbacks represents a clear vulnerability, as it exposes functionality without proper authorization checks. Furthermore, only 57% of output is properly escaped, leaving potential for cross-site scripting (XSS) vulnerabilities where unsanitized data might be rendered. The taint analysis also indicates one flow with unsanitized paths, though it is not categorized as critical or high severity, it still represents a potential weakness.

The vulnerability history, with one medium severity CVE for Cross-site Scripting, is concerning, especially since it's currently unpatched. The fact that the last vulnerability was recorded recently (April 1, 2025) suggests an ongoing struggle with code security. This, combined with the identified weaknesses in the static analysis, points to a plugin that requires immediate attention and remediation to mitigate risks. While the plugin has some positive security attributes, the unpatched vulnerability and unprotected entry points significantly elevate the overall risk.

Key Concerns

  • REST API routes without permission callbacks
  • Output escaping is not fully implemented (57%)
  • Unpatched medium severity CVE for XSS
  • Flows with unsanitized paths
  • No capability checks on entry points
Vulnerabilities
1

ContentBot AI Writer (ChatGPT, GPT4) Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-31818medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ContentBot AI Writer <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

ContentBot AI Writer (ChatGPT, GPT4) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
16
21 escaped
Nonce Checks
4
Capability Checks
0
File Operations
0
External Requests
3
Bundled Libraries
0

Output Escaping

57% escaped37 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
cbai_saveApiKey (content-bot.php:743)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

ContentBot AI Writer (ChatGPT, GPT4) Attack Surface

Entry Points6
Unprotected2

AJAX Handlers 4

authwp_ajax_contentbot_save_apikeycontent-bot.php:742
authwp_ajax_contentbot_save_websitecontent-bot.php:760
authwp_ajax_contentbot_save_otlcontent-bot.php:777
authwp_ajax_contentbot_save_modelcontent-bot.php:794

REST API Routes 2

POST/wp-json/content-bot/cbai_import_documentcontent-bot.php:584
POST/wp-json/content-bot/cbai_force_unlinkcontent-bot.php:591
WordPress Hooks 10
actionenqueue_block_editor_assetscontent-bot.php:119
actionadmin_enqueue_scriptscontent-bot.php:203
actionadmin_menucontent-bot.php:222
actionactivated_plugincontent-bot.php:390
actionadd_meta_boxescontent-bot.php:463
actionload-edit.phpcontent-bot.php:501
actionadmin_initcontent-bot.php:550
actionrest_api_initcontent-bot.php:582
actioninitcontent-bot.php:806
filterhttp_request_timeoutincludes\class.rewriter.php:22
Maintenance & Trust

ContentBot AI Writer (ChatGPT, GPT4) Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedSep 4, 2024
PHP min version5.6
Downloads24K

Community Trust

Rating94/100
Number of ratings19
Active installs600
Alternatives

ContentBot AI Writer (ChatGPT, GPT4) Alternatives

Insapption AI Content Generator (ChatGPT, GPT3, GPT4, DALL-E)

Insapption AI Content Generator (ChatGPT, GPT3, GPT4, DALL-E)

insapption-ai

A
85

Get visual and editorial content in a few clicks with our Artificial Intelligence Author. All content is unique and original.

0 No CVEs
GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools

GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools

getgenie

A
95

GPT-4o powered AI content writer with 37+ templates, chatbot, AI image, NLP keyword research, SEO analysis for WordPress, Gutenberg & Elementor.

70K 4 CVEs
BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor

BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor

betterdocs

A
86

A full-featured documentation plugin including AI writing assistance to create knowledge bases, docs, FAQs, wikis, and more with easy drag & drop UI.

40K 7 CVEs
TextBuilder

TextBuilder

textbuilder

A
98

With the TextBuilder.ai WordPress Plugin, you can quickly create content and post it directly to your blog without any manual effort.

5K 1 CVE
WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek

WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek

ai-content-generation

B
76

WP Wand is a powerful AI Content Writer for WordPress. Your AI Co-Pilot for generating content, powered by OpenAI, Claude, OpenRouter and Deepseek.

1K 1 unpatched
Developer Profile

ContentBot AI Writer (ChatGPT, GPT4) Developer Profile

ContentBot.ai

1 plugin · 600 total installs

74
trust score
Avg Security Score
71/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ContentBot AI Writer (ChatGPT, GPT4)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/content-bot/js/functions.js/wp-content/plugins/content-bot/js/script.js/wp-content/plugins/content-bot/js/frame-builders.js/wp-content/plugins/content-bot/js/block-controls.js/wp-content/plugins/content-bot/js/content-modulizer.js/wp-content/plugins/content-bot/css/style.css/wp-content/plugins/content-bot/css/cb-admin-styles.css
Script Paths
/wp-content/plugins/content-bot/js/functions.js/wp-content/plugins/content-bot/js/script.js/wp-content/plugins/content-bot/js/frame-builders.js/wp-content/plugins/content-bot/js/block-controls.js/wp-content/plugins/content-bot/js/content-modulizer.js
Version Parameters
content-bot/js/functions.js?ver=content-bot/js/script.js?ver=content-bot/js/frame-builders.js?ver=content-bot/js/block-controls.js?ver=content-bot/js/content-modulizer.js?ver=content-bot/css/style.csscontent-bot/css/cb-admin-styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
cbai-block-containercbai_buttoncbai_custom_inputcbai_settings_pagecbai-editor-wrappercbai-modal-contentcbai-button-wrappercbai-modal-overlay
HTML Comments
<!-- ContentBot Main Wrapper --><!-- Wrapper for ContentBot Options --><!-- ContentBot Frame Builder --><!-- ContentBot Settings -->
Data Attributes
data-cbai-modaldata-cbai-modal-close
JS Globals
cbai_dataContentBotPlugin
REST Endpoints
/wp-json/cbai/v1/import_document/wp-json/cbai/v1/unlink
FAQ

Frequently Asked Questions about ContentBot AI Writer (ChatGPT, GPT4)