WP-Safety

GW AI Website Builder Security & Risk Analysis

wordpress.org/plugins/gw-ai-website-builder

AI website builder for WordPress. Build sites with Elementor templates, no coding needed. Create responsive pages in minutes.

100 active installs v1.0.4 PHP 8.0+ WP 5.6+ Updated Mar 16, 2026
aielementorlanding-pagetemplateswebsite-builder
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is GW AI Website Builder Safe to Use in 2026?

Generally Safe

Score 100/100

GW AI Website Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The gw-ai-website-builder v1.0.4 plugin exhibits a generally good security posture with several strengths. The plugin demonstrates excellent practices in output escaping, with 99% of outputs being properly handled, significantly reducing the risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the vast majority of SQL queries (63%) utilize prepared statements, which is a crucial defense against SQL injection. The presence of nonce checks on all 62 REST API routes and 68 capability checks also indicates a good effort to secure administrative functions. The absence of known CVEs and a clean vulnerability history further contribute to a positive security assessment.

However, there are a few areas that warrant attention. The presence of the `unserialize` function, while not directly exploitable without a specific trigger, is a known risk vector for deserialization vulnerabilities. Additionally, the taint analysis revealed two flows with unsanitized paths, which, although not classified as critical or high severity, represent potential entry points for path traversal or other file system related attacks if not handled carefully by the plugin's logic. The single unprotected REST API route is a definite concern, as it exposes an entry point without any permission checks, making it accessible to unauthenticated users and potentially allowing for unintended actions or information disclosure. The plugin also has a relatively large attack surface with 63 total entry points, and while most are protected, the single unprotected one stands out.

In conclusion, gw-ai-website-builder v1.0.4 is largely well-secured with strong practices in output sanitization and SQL query handling. The lack of past vulnerabilities is a positive sign. However, the presence of `unserialize`, unsanitized paths in taint flows, and especially the unprotected REST API route are weaknesses that introduce specific, albeit potentially manageable, risks. Addressing these points would further strengthen the plugin's security.

Key Concerns

  • REST API route without permission callbacks
  • Flows with unsanitized paths
  • Dangerous function detected (unserialize)
Vulnerabilities
None known

GW AI Website Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

GW AI Website Builder Release Timeline

v1.0.4Current
v1.0.3
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

GW AI Website Builder Code Analysis

Dangerous Functions
1
Raw SQL Queries
36
60 prepared
Unescaped Output
2
291 escaped
Nonce Checks
62
Capability Checks
68
File Operations
102
External Requests
17
Bundled Libraries
0

Dangerous Functions Found

unserialize$elementor_data = unserialize($elementor_data);API\api-functions.php:2566

SQL Query Safety

63% prepared96 total queries

Output Escaping

99% escaped293 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
gwaiwebu_gravitywrite_settings_page (API\api-functions.php:4259)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

GW AI Website Builder Attack Surface

Entry Points63
Unprotected1

AJAX Handlers 1

authwp_ajax_gwaiwebu_gravitywrite_disconnectAPI\api-functions.php:4129

REST API Routes 62

POST/wp-json/custom/v1/check-image-countAPI\api-functions.php:7
POST/wp-json/custom/v1/install-animationAPI\api-functions.php:15
POST/wp-json/elementor-image-update/v1/update-imagesAPI\api-functions.php:23
POST/wp-json/custom/v1/plugin-activateAPI\api-functions.php:31
GET/wp-json/custom/v1/get-userdataAPI\api-functions.php:39
POST/wp-json/custom/v1/set-logo-widthAPI\api-functions.php:48
GET/wp-json/custom/v1/check-previous-importAPI\api-functions.php:56
GET/wp-json/custom/v1/get-user-tokenAPI\api-functions.php:64
GET/wp-json/custom/v1/user-details-reactAPI\api-functions.php:72
GET/wp-json/custom/v1/disconnectAPI\api-functions.php:80
GET/wp-json/custom/v1/save_user_plan_detailsAPI\api-functions.php:88
POST/wp-json/custom/v1/update-countAPI\api-functions.php:96
GET/wp-json/custom/v1/check-word-countAPI\api-functions.php:104
GET/wp-json/custom/v1/check-site-countAPI\api-functions.php:112
DELETE/wp-json/custom/v1/delete-uploadsAPI\api-functions.php:120
POST/wp-json/custom/v1/create-uploadsAPI\api-functions.php:127
GET/wp-json/custom/v1/delete-all-stylesAPI\api-functions.php:134
GET/wp-json/custom/v1/remove-all-generated-dataAPI\api-functions.php:141
GET/wp-json/custom/v1/install-pluginAPI\api-functions.php:148
GET/wp-json/custom/v1/install-themeAPI\api-functions.php:155
GET/wp-json/custom/v1/install-postsAPI\api-functions.php:162
GET/wp-json/custom/v1/install-pagesAPI\api-functions.php:169
GET/wp-json/custom/v1/install-formsAPI\api-functions.php:176
GET/wp-json/custom/v1/install-elementor-kitAPI\api-functions.php:183
GET/wp-json/custom/v1/install-elementor-settingsAPI\api-functions.php:191
GET/wp-json/custom/v1/install-header-footerAPI\api-functions.php:198
GET/wp-json/custom/v1/update-form-detailsAPI\api-functions.php:205
GET/wp-json/custom/v1/get-form-detailsAPI\api-functions.php:212
GET/wp-json/custom/v1/import-menus-cssAPI\api-functions.php:217
GET/wp-json/custom/v1/import-sitelogoAPI\api-functions.php:224
GET/wp-json/custom/v1/delete-sitelogoAPI\api-functions.php:231
GET/wp-json/custom/v1/replace-user-contentAPI\api-functions.php:238
GET/wp-json/custom/v1/regenerate-global-cssAPI\api-functions.php:245
GET/wp-json/custom/v1/save-generated-dataAPI\api-functions.php:252
GET/wp-json/custom/v1/save-generated-imageAPI\api-functions.php:259
GET/wp-json/custom/v1/save-generated-html-dataAPI\api-functions.php:266
GET/wp-json/custom/v1/get-saved-html-dataAPI\api-functions.php:273
GET/wp-json/custom/v1/get-html-data-detailsAPI\api-functions.php:280
GET/wp-json/custom/v1/save-generated-page-statusAPI\api-functions.php:287
GET/wp-json/custom/v1/get-generated-page-statusAPI\api-functions.php:295
GET/wp-json/custom/v1/save-selected-templateAPI\api-functions.php:302
GET/wp-json/custom/v1/get-selected-templateAPI\api-functions.php:309
GET/wp-json/custom/v1/update-style-changesAPI\api-functions.php:316
DELETE/wp-json/custom/v1/delete-theme-and-pluginsAPI\api-functions.php:324
GET/wp-json/custom/v1/update-contentAPI\api-functions.php:331
GET/wp-json/custom/v1/delete-all-postsAPI\api-functions.php:338
GET/wp-json/custom/v1/get-gwuser-detailsAPI\api-functions.php:345
GET/wp-json/custom/v1/get-usage-detailsAPI\api-functions.php:352
GET/wp-json/gravitywrite/v1/account-statusAPI\api-functions.php:5003
GET/wp-json/custom/v1/store-contentAPI\api-functions.php:5012
GET/wp-json/custom/v1/store-categoryAPI\api-functions.php:5022
GET/wp-json/custom/v1/store-nameAPI\api-functions.php:5031
GET/wp-json/custom/v1/store-description1API\api-functions.php:5040
GET/wp-json/custom/v1/store-description2API\api-functions.php:5049
GET/wp-json/custom/v1/store-image-urlAPI\api-functions.php:5058
GET/wp-json/custom/v1/store-contact-infoAPI\api-functions.php:5067
GET/wp-json/custom/v1/store-templateAPI\api-functions.php:5076
GET/wp-json/custom/v1/store-designAPI\api-functions.php:5085
POST/wp-json/custom/v1/update-statusAPI\api-functions.php:5094
GET/wp-json/custom/v1/upload-logoAPI\api-functions.php:5103
GET/wp-json/custom/v1/attemptAPI\api-functions.php:5112
GET/wp-json/custom/v1/empty-tablesAPI\api-functions.php:5575
WordPress Hooks 28
actionrest_api_initAPI\api-functions.php:5
actionwp_enqueue_scriptsAPI\api-functions.php:2314
actionadmin_enqueue_scriptsAPI\api-functions.php:4124
actionrest_api_initAPI\api-functions.php:4125
actionafter_setup_themeAPI\api-functions.php:4126
actionafter_setup_themeAPI\api-functions.php:4127
actionadmin_menuAPI\api-functions.php:4128
actionadmin_noticesAPI\api-functions.php:4284
actionadmin_noticesAPI\api-functions.php:4423
actionadmin_initAPI\api-functions.php:5561
actionrest_api_initAPI\api-functions.php:5574
filterrest_authentication_errorsAPI\api-functions.php:5693
actionadmin_initAPI\user-functions.php:13
actionadmin_noticesAPI\user-functions.php:148
actionadmin_noticesAPI\user-functions.php:159
actionadmin_noticesAPI\user-functions.php:199
actionadmin_noticesAPI\user-functions.php:204
filterplugin_row_metagw-ai-website-builder.php:27
filterastra_disable_starter_templates_promotionsgw-ai-website-builder.php:41
actionafter_setup_themegw-ai-website-builder.php:42
actionadmin_initgw-ai-website-builder.php:133
actionadmin_enqueue_scriptsgw-ai-website-builder.php:299
actionadmin_enqueue_scriptsgw-ai-website-builder.php:334
actionadmin_enqueue_scriptsgw-ai-website-builder.php:350
actionadmin_enqueue_scriptsgw-ai-website-builder.php:366
actionwp_enqueue_scriptsgw-ai-website-builder.php:369
filterimport_post_meta_keyincludes\imports\gravitywrite-wp-import.php:23
filterhttp_request_timeoutincludes\imports\gravitywrite-wp-import.php:24
Maintenance & Trust

GW AI Website Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 16, 2026
PHP min version8.0
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

GW AI Website Builder Alternatives

Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode

Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode

coming-soon

A
92

Easy Drag & Drop Page Builder. A complete solution to create a WordPress Website, Custom Themes, Landing Pages, Coming Soon & Maintenance Mode Pages.

700K 9 CVEs
Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!

Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!

templately

A
95

Templately is an AI-powered WordPress templates cloud for Elementor and Gutenberg that offers 6,500+ ready template designs for a wide range of niches

400K 7 CVEs
Live Copy Paste for Elementor – Cross Domain Copy Paste & Page Duplicator

Live Copy Paste for Elementor – Cross Domain Copy Paste & Page Duplicator

live-copy-paste

A
100

The ultimate Elementor addon for cross-domain copying, magic copy buttons, and instant page duplication. Build websites faster with one-click design t …

7K No CVEs
Anant Sites — Elementor & Gutenberg Readymade Template Library Free & Pro Templates

Anant Sites — Elementor & Gutenberg Readymade Template Library Free & Pro Templates

ananta-sites

A
100

Ready Free Templates for Elementor & Gutenberg block editor

1K No CVEs
Easy Demo Import for Omega Themes

Easy Demo Import for Omega Themes

easy-demo-import-for-omega-themes

A
100

A lightweight One-Click Demo Import plugin built specifically for Omega Themes. Easily import demo content, widgets, and settings with a single click.

300 No CVEs
Developer Profile

GW AI Website Builder Developer Profile

GravityWrite

1 plugin · 100 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect GW AI Website Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gw-ai-website-builder/assets/css/elementor-import.css/wp-content/plugins/gw-ai-website-builder/assets/js/elementor-import.js/wp-content/plugins/gw-ai-website-builder/assets/js/gravitywrite-wp-import.js/wp-content/plugins/gw-ai-website-builder/assets/js/import-posts.js/wp-content/plugins/gw-ai-website-builder/assets/js/script.js
Script Paths
gw-ai-website-builder/assets/js/elementor-import.jsgw-ai-website-builder/assets/js/gravitywrite-wp-import.jsgw-ai-website-builder/assets/js/import-posts.jsgw-ai-website-builder/assets/js/script.js
Version Parameters
gw-ai-website-builder/assets/css/elementor-import.css?ver=gw-ai-website-builder/assets/js/elementor-import.js?ver=gw-ai-website-builder/assets/js/gravitywrite-wp-import.js?ver=gw-ai-website-builder/assets/js/import-posts.js?ver=gw-ai-website-builder/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
gwaiwebu-containergwaiwebu-rowgwaiwebu-columngwaiwebu-add-new-contentgwaiwebu-edit-contentgwaiwebu-delete-contentgwaiwebu-save-contentgwaiwebu-cancel-edit
HTML Comments
<!-- GWAIWEBU START AI CONTENT SECTION --><!-- GWAIWEBU END AI CONTENT SECTION --><!-- GWAIWEBU AI CONTENT WRAPPER START --><!-- GWAIWEBU AI CONTENT WRAPPER END -->
Data Attributes
data-gwaiwebu-template-iddata-gwaiwebu-componentdata-gwaiwebu-actiondata-gwaiwebu-item-id
JS Globals
gwaiwebu_ajax_object
REST Endpoints
/wp-json/gwaiwebu/v1/generate-content/wp-json/gwaiwebu/v1/save-content/wp-json/gwaiwebu/v1/get-content/wp-json/gwaiwebu/v1/delete-content
FAQ

Frequently Asked Questions about GW AI Website Builder