Chatbot with IBM watsonx Assistant Security & Risk Analysis

wordpress.org/plugins/conversation-watson

This plugin allows you to easily add chatbots powered by IBM watsonx Assistant to your website.

500 active installs · v0.9.1 · PHP + · WP 4.7+ · Updated Feb 10, 2025
Tags: artificial-intelligence, chat, chat-bot, chatbot, support
Security score: 92 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 21, 2020
Safety Verdict

Is Chatbot with IBM watsonx Assistant Safe to Use in 2026?

Generally Safe

Score 92/100

Chatbot with IBM watsonx Assistant has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 21, 2020 · Updated 1yr ago
Risk Assessment

The "conversation-watson" plugin v0.9.1 presents a mixed security posture. While it demonstrates good practices in areas like prepared SQL statements (95%) and a lack of dangerous functions, significant concerns arise from its attack surface and output escaping. The plugin has 7 total entry points, with 3 of these (3 REST API routes) lacking proper permission callbacks, exposing them to potential unauthorized access or manipulation. The low rate of properly escaped output (28%) is a major red flag, significantly increasing the risk of Cross-Site Scripting (XSS) vulnerabilities, especially given its historical CVE for XSS.

The vulnerability history shows one medium-severity CVE related to XSS, which was last patched in early 2020. While there are no currently unpatched vulnerabilities, the past XSS issue combined with the poor output escaping in the current version suggests a persistent weakness in sanitizing user-supplied data before displaying it. The plugin also makes 12 external HTTP requests, which, without proper validation, could be leveraged in more complex attack chains. Overall, the plugin has strengths in avoiding critical code signals like dangerous functions and raw SQL, but the unprotected entry points and inadequate output escaping create significant security risks that need to be addressed.

Key Concerns

  • REST API routes without permission callbacks
  • Low percentage of properly escaped output
  • Medium severity vulnerability in history (XSS)
  • External HTTP requests without clear validation context
Vulnerabilities
1

Chatbot with IBM watsonx Assistant Security Vulnerabilities

CVEs by Year

1 CVE in 2020

Severity Breakdown

Medium: 1

1 total CVE

CVE-2020-7239 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Chatbot with IBM Watson < 0.8.21 - Cross-Site Scripting

Jan 21, 2020 · Patched in 0.8.21 (1463d)
Code Analysis
Analyzed Mar 16, 2026

Chatbot with IBM watsonx Assistant Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (19 prepared)
Unescaped Output: 72 (28 escaped)
Nonce Checks: 4
Capability Checks: 9
File Operations: 1
External Requests: 12
Bundled Libraries: 0

SQL Query Safety

95% prepared · 20 total queries

Output Escaping

28% escaped · 100 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<customize> (includes\settings\customize.php:0)
Attack Surface
3 unprotected

Chatbot with IBM watsonx Assistant Attack Surface

Entry Points: 7
Unprotected: 3

REST API Routes 6

POST /wp-json/watsonconv/v1/message (includes\api.php:34)
GET /wp-json/watsonconv/v1/twilio-token (includes\api.php:51)
POST /wp-json/watsonconv/v1/twilio-call (includes\api.php:59)
POST /wp-json/watsonconv/v1/test-email (includes\api.php:68)
POST /wp-json/watsonconv/v1/test-notification (includes\api.php:78)
POST /wp-json/watsonconv/v1/get-logo (includes\api.php:88)

Shortcodes 1

[watson-chat-box] includes\frontend.php:7
WordPress Hooks 27
action watson_get_iam_token (includes\api.php:7)
action watson_save_to_disk (includes\api.php:8)
action watson_reset_total_usage (includes\api.php:9)
action watson_reset_client_usage (includes\api.php:10)
action rest_api_init (includes\api.php:11)
action update_option_watsonconv_interval (includes\api.php:12)
action update_option_watsonconv_client_interval (includes\api.php:13)
filter cron_schedules (includes\api.php:14)
action phpmailer_init (includes\api.php:15)
action wp_mail_failed (includes\api.php:16)
filter cron_schedules (includes\background-processing\wp-background-process.php:64)
action plugins_loaded (includes\background-task-runner.php:114)
action init (includes\background-task-runner.php:116)
action init (includes\email_notificator.php:7)
action wp_loaded (includes\frontend.php:4)
action wp_enqueue_scripts (includes\frontend.php:5)
action wp_footer (includes\frontend.php:6)
action rest_api_init (includes\logger.php:29)
filter wp_mail_from (includes\settings\advanced.php:1143)
action admin_menu (includes\settings\main.php:8)
action admin_init (includes\settings\main.php:9)
action admin_enqueue_scripts (includes\settings\main.php:10)
action plugins_loaded (includes\settings\main.php:14)
action plugins_loaded (includes\settings\main.php:15)
action plugins_loaded (includes\settings\main.php:16)
action plugins_loaded (includes\settings\main.php:17)
action upgrader_process_complete (includes\settings\main.php:18)

Scheduled Events 3

watson_save_to_disk
watson_reset_total_usage
watson_reset_client_usage
Maintenance & Trust

Chatbot with IBM watsonx Assistant Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Feb 10, 2025
PHP min version
Downloads: 97K

Community Trust

Rating: 88/100
Number of ratings: 25
Active installs: 500
Developer Profile

Chatbot with IBM watsonx Assistant Developer Profile

IBM Skills Network

1 plugin · 500 total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1463 days
Detection Fingerprints

How We Detect Chatbot with IBM watsonx Assistant

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/conversation-watson/css/chatbox.css
/wp-content/plugins/conversation-watson/js/chatbox.js
/wp-content/plugins/conversation-watson/js/chatbot.js
Script Paths
/wp-content/plugins/conversation-watson/js/chatbox.js
/wp-content/plugins/conversation-watson/js/chatbot.js
Version Parameters
conversation-watson/css/chatbox.css?ver=
conversation-watson/js/chatbox.js?ver=
conversation-watson/js/chatbot.js?ver=

HTML / DOM Fingerprints

CSS Classes
watson-message, watson-font, watson-header, watson-fab, chatbox-logo
Data Attributes
id="watson-box", id="watson-fab-float", id="watson-fab-icon", id="watson-fab-text", id="watson-header", id="message-container", +2 more
JS Globals
window.watsonconv
Shortcode Output
[watson-chat-box]
FAQ

Frequently Asked Questions about Chatbot with IBM watsonx Assistant