GW AI Website Builder Security & Risk Analysis

wordpress.org/plugins/gw-ai-website-builder

Build WordPress websites with AI and Elementor. No coding needed. Create responsive sites with live preview in minutes.

100 active installs · v1.0.3 · PHP 8.0+ · WP 5.6+ · Updated Mar 13, 2026
Tags: ai-website-builder, elementor-templates, no-code-website-builder, responsive-websites, wordpress-ai-plugin
100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GW AI Website Builder Safe to Use in 2026?

Generally Safe

Score 100/100

GW AI Website Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 21d ago
Risk Assessment

The gw-ai-website-builder v1.0.4 plugin exhibits a generally good security posture with several strengths. Output escaping is handled well: 99% of outputs are escaped, which significantly reduces the risk of Cross-Site Scripting (XSS) vulnerabilities. Most SQL queries (63%) use prepared statements, a crucial defense against SQL injection, though that leaves 36 raw queries. The presence of 62 nonce checks and 68 capability checks also indicates a good effort to secure administrative functions, although one of the 62 REST API routes is registered without a permission check. The absence of known CVEs and a clean vulnerability history further contribute to a positive security assessment.

However, there are a few areas that warrant attention. The presence of the `unserialize` function, while not directly exploitable without a specific trigger, is a known risk vector for deserialization vulnerabilities. Additionally, the taint analysis revealed two flows with unsanitized paths, which, although not classified as critical or high severity, represent potential entry points for path traversal or other file system related attacks if not handled carefully by the plugin's logic. The single unprotected REST API route is a definite concern, as it exposes an entry point without any permission checks, making it accessible to unauthenticated users and potentially allowing for unintended actions or information disclosure. The plugin also has a relatively large attack surface with 63 total entry points, and while most are protected, the single unprotected one stands out.

In conclusion, gw-ai-website-builder v1.0.4 is largely well-secured with strong practices in output sanitization and SQL query handling. The lack of past vulnerabilities is a positive sign. However, the presence of `unserialize`, unsanitized paths in taint flows, and especially the unprotected REST API route are weaknesses that introduce specific, albeit potentially manageable, risks. Addressing these points would further strengthen the plugin's security.

Key Concerns

  • REST API route without permission callbacks
  • Flows with unsanitized paths
  • Dangerous function detected (unserialize)
Vulnerabilities
None known

GW AI Website Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

GW AI Website Builder Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 36 (60 prepared)
Unescaped Output: 2 (291 escaped)
Nonce Checks: 62
Capability Checks: 68
File Operations: 102
External Requests: 17
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$elementor_data = unserialize($elementor_data);` (API\api-functions.php:2566)

SQL Query Safety

63% prepared · 96 total queries

Output Escaping

99% escaped · 293 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
gwaiwebu_gravitywrite_settings_page (API\api-functions.php:4259)
Attack Surface
1 unprotected

GW AI Website Builder Attack Surface

Entry Points: 63
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_gwaiwebu_gravitywrite_disconnect (API\api-functions.php:4129)

REST API Routes 62

POST /wp-json/custom/v1/check-image-count (API\api-functions.php:7)
POST /wp-json/custom/v1/install-animation (API\api-functions.php:15)
POST /wp-json/elementor-image-update/v1/update-images (API\api-functions.php:23)
POST /wp-json/custom/v1/plugin-activate (API\api-functions.php:31)
GET /wp-json/custom/v1/get-userdata (API\api-functions.php:39)
POST /wp-json/custom/v1/set-logo-width (API\api-functions.php:48)
GET /wp-json/custom/v1/check-previous-import (API\api-functions.php:56)
GET /wp-json/custom/v1/get-user-token (API\api-functions.php:64)
GET /wp-json/custom/v1/user-details-react (API\api-functions.php:72)
GET /wp-json/custom/v1/disconnect (API\api-functions.php:80)
GET /wp-json/custom/v1/save_user_plan_details (API\api-functions.php:88)
POST /wp-json/custom/v1/update-count (API\api-functions.php:96)
GET /wp-json/custom/v1/check-word-count (API\api-functions.php:104)
GET /wp-json/custom/v1/check-site-count (API\api-functions.php:112)
DELETE /wp-json/custom/v1/delete-uploads (API\api-functions.php:120)
POST /wp-json/custom/v1/create-uploads (API\api-functions.php:127)
GET /wp-json/custom/v1/delete-all-styles (API\api-functions.php:134)
GET /wp-json/custom/v1/remove-all-generated-data (API\api-functions.php:141)
GET /wp-json/custom/v1/install-plugin (API\api-functions.php:148)
GET /wp-json/custom/v1/install-theme (API\api-functions.php:155)
GET /wp-json/custom/v1/install-posts (API\api-functions.php:162)
GET /wp-json/custom/v1/install-pages (API\api-functions.php:169)
GET /wp-json/custom/v1/install-forms (API\api-functions.php:176)
GET /wp-json/custom/v1/install-elementor-kit (API\api-functions.php:183)
GET /wp-json/custom/v1/install-elementor-settings (API\api-functions.php:191)
GET /wp-json/custom/v1/install-header-footer (API\api-functions.php:198)
GET /wp-json/custom/v1/update-form-details (API\api-functions.php:205)
GET /wp-json/custom/v1/get-form-details (API\api-functions.php:212)
GET /wp-json/custom/v1/import-menus-css (API\api-functions.php:217)
GET /wp-json/custom/v1/import-sitelogo (API\api-functions.php:224)
GET /wp-json/custom/v1/delete-sitelogo (API\api-functions.php:231)
GET /wp-json/custom/v1/replace-user-content (API\api-functions.php:238)
GET /wp-json/custom/v1/regenerate-global-css (API\api-functions.php:245)
GET /wp-json/custom/v1/save-generated-data (API\api-functions.php:252)
GET /wp-json/custom/v1/save-generated-image (API\api-functions.php:259)
GET /wp-json/custom/v1/save-generated-html-data (API\api-functions.php:266)
GET /wp-json/custom/v1/get-saved-html-data (API\api-functions.php:273)
GET /wp-json/custom/v1/get-html-data-details (API\api-functions.php:280)
GET /wp-json/custom/v1/save-generated-page-status (API\api-functions.php:287)
GET /wp-json/custom/v1/get-generated-page-status (API\api-functions.php:295)
GET /wp-json/custom/v1/save-selected-template (API\api-functions.php:302)
GET /wp-json/custom/v1/get-selected-template (API\api-functions.php:309)
GET /wp-json/custom/v1/update-style-changes (API\api-functions.php:316)
DELETE /wp-json/custom/v1/delete-theme-and-plugins (API\api-functions.php:324)
GET /wp-json/custom/v1/update-content (API\api-functions.php:331)
GET /wp-json/custom/v1/delete-all-posts (API\api-functions.php:338)
GET /wp-json/custom/v1/get-gwuser-details (API\api-functions.php:345)
GET /wp-json/custom/v1/get-usage-details (API\api-functions.php:352)
GET /wp-json/gravitywrite/v1/account-status (API\api-functions.php:5003)
GET /wp-json/custom/v1/store-content (API\api-functions.php:5012)
GET /wp-json/custom/v1/store-category (API\api-functions.php:5022)
GET /wp-json/custom/v1/store-name (API\api-functions.php:5031)
GET /wp-json/custom/v1/store-description1 (API\api-functions.php:5040)
GET /wp-json/custom/v1/store-description2 (API\api-functions.php:5049)
GET /wp-json/custom/v1/store-image-url (API\api-functions.php:5058)
GET /wp-json/custom/v1/store-contact-info (API\api-functions.php:5067)
GET /wp-json/custom/v1/store-template (API\api-functions.php:5076)
GET /wp-json/custom/v1/store-design (API\api-functions.php:5085)
POST /wp-json/custom/v1/update-status (API\api-functions.php:5094)
GET /wp-json/custom/v1/upload-logo (API\api-functions.php:5103)
GET /wp-json/custom/v1/attempt (API\api-functions.php:5112)
GET /wp-json/custom/v1/empty-tables (API\api-functions.php:5575)
WordPress Hooks 28

action rest_api_init (API\api-functions.php:5)
action wp_enqueue_scripts (API\api-functions.php:2314)
action admin_enqueue_scripts (API\api-functions.php:4124)
action rest_api_init (API\api-functions.php:4125)
action after_setup_theme (API\api-functions.php:4126)
action after_setup_theme (API\api-functions.php:4127)
action admin_menu (API\api-functions.php:4128)
action admin_notices (API\api-functions.php:4284)
action admin_notices (API\api-functions.php:4423)
action admin_init (API\api-functions.php:5561)
action rest_api_init (API\api-functions.php:5574)
filter rest_authentication_errors (API\api-functions.php:5693)
action admin_init (API\user-functions.php:13)
action admin_notices (API\user-functions.php:148)
action admin_notices (API\user-functions.php:159)
action admin_notices (API\user-functions.php:199)
action admin_notices (API\user-functions.php:204)
filter plugin_row_meta (gw-ai-website-builder.php:27)
filter astra_disable_starter_templates_promotions (gw-ai-website-builder.php:41)
action after_setup_theme (gw-ai-website-builder.php:42)
action admin_init (gw-ai-website-builder.php:133)
action admin_enqueue_scripts (gw-ai-website-builder.php:299)
action admin_enqueue_scripts (gw-ai-website-builder.php:334)
action admin_enqueue_scripts (gw-ai-website-builder.php:350)
action admin_enqueue_scripts (gw-ai-website-builder.php:366)
action wp_enqueue_scripts (gw-ai-website-builder.php:369)
filter import_post_meta_key (includes\imports\gravitywrite-wp-import.php:23)
filter http_request_timeout (includes\imports\gravitywrite-wp-import.php:24)
Maintenance & Trust

GW AI Website Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 8.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

GW AI Website Builder Developer Profile

GravityWrite

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GW AI Website Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gw-ai-website-builder/assets/css/elementor-import.css
  • /wp-content/plugins/gw-ai-website-builder/assets/js/elementor-import.js
  • /wp-content/plugins/gw-ai-website-builder/assets/js/gravitywrite-wp-import.js
  • /wp-content/plugins/gw-ai-website-builder/assets/js/import-posts.js
  • /wp-content/plugins/gw-ai-website-builder/assets/js/script.js
Script Paths
  • gw-ai-website-builder/assets/js/elementor-import.js
  • gw-ai-website-builder/assets/js/gravitywrite-wp-import.js
  • gw-ai-website-builder/assets/js/import-posts.js
  • gw-ai-website-builder/assets/js/script.js
Version Parameters
  • gw-ai-website-builder/assets/css/elementor-import.css?ver=
  • gw-ai-website-builder/assets/js/elementor-import.js?ver=
  • gw-ai-website-builder/assets/js/gravitywrite-wp-import.js?ver=
  • gw-ai-website-builder/assets/js/import-posts.js?ver=
  • gw-ai-website-builder/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • gwaiwebu-container
  • gwaiwebu-row
  • gwaiwebu-column
  • gwaiwebu-add-new-content
  • gwaiwebu-edit-content
  • gwaiwebu-delete-content
  • gwaiwebu-save-content
  • gwaiwebu-cancel-edit
HTML Comments
  • <!-- GWAIWEBU START AI CONTENT SECTION -->
  • <!-- GWAIWEBU END AI CONTENT SECTION -->
  • <!-- GWAIWEBU AI CONTENT WRAPPER START -->
  • <!-- GWAIWEBU AI CONTENT WRAPPER END -->
Data Attributes
  • data-gwaiwebu-template-id
  • data-gwaiwebu-component
  • data-gwaiwebu-action
  • data-gwaiwebu-item-id
JS Globals
gwaiwebu_ajax_object
REST Endpoints
  • /wp-json/gwaiwebu/v1/generate-content
  • /wp-json/gwaiwebu/v1/save-content
  • /wp-json/gwaiwebu/v1/get-content
  • /wp-json/gwaiwebu/v1/delete-content
FAQ

Frequently Asked Questions about GW AI Website Builder