Handywriter – AI-Powered Assistant for WordPress – Powered by GPT-4o & ChatGPT & DALL-E Security & Risk Analysis

wordpress.org/plugins/handywriter

AI-Powered assistant for WordPress. Effortlessly Craft Unique Content, and Seamlessly Generate Captivating Images and Audio.

10 active installs v1.4.3 PHP 7.2.5+ WP 5.4+ Updated Nov 23, 2025
ai · chatgpt · copilot · gpt · openai
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Handywriter – AI-Powered Assistant for WordPress – Powered by GPT-4o & ChatGPT & DALL-E Safe to Use in 2026?

Generally Safe

Score 100/100

Handywriter – AI-Powered Assistant for WordPress – Powered by GPT-4o & ChatGPT & DALL-E has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "handywriter" plugin v1.4.3 presents a mixed security picture. It demonstrates good practices such as using prepared statements for all SQL queries and escaping a high percentage of its output, but its attack surface raises significant concerns. Eight AJAX handlers are exposed without any authentication or capability checks, creating a wide entry point for potential malicious activity. Furthermore, the taint analysis revealed one flow with an unsanitized path, although this did not escalate to critical or high severity in the static analysis.

The plugin's vulnerability history is currently clean, with zero known CVEs. This is a positive indicator, suggesting either that the plugin has been well maintained or that it has not yet been a target for widespread exploitation. However, the absence of historical vulnerabilities should not be mistaken for inherent invulnerability, especially given the identified unprotected AJAX endpoints. In conclusion, the plugin exhibits strengths in its core data handling but has a substantial weakness in its authentication and authorization implementation for AJAX requests, which represents the primary security risk.

Key Concerns

  • 8 unprotected AJAX handlers
  • 1 unsanitized path in taint analysis
Vulnerabilities
None known

Handywriter – AI-Powered Assistant for WordPress – Powered by GPT-4o & ChatGPT & DALL-E Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Handywriter – AI-Powered Assistant for WordPress – Powered by GPT-4o & ChatGPT & DALL-E Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 3 (153 escaped)
Nonce Checks: 9
Capability Checks: 17
File Operations: 4
External Requests: 11
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

98% escaped · 156 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<image-generator> (includes\image-generator.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
8 unprotected

Handywriter – AI-Powered Assistant for WordPress – Powered by GPT-4o & ChatGPT & DALL-E Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers 8

auth · wp_ajax_handywriter_content_template_create_content · includes\admin\dashboard.php:49
auth · wp_ajax_handywriter_create_content · includes\admin\dashboard.php:50
auth · wp_ajax_handywriter_check_plagiarism · includes\admin\dashboard.php:51
auth · wp_ajax_handywriter_proofreading · includes\admin\dashboard.php:52
auth · wp_ajax_handywriter_usage_details · includes\admin\dashboard.php:53
auth · wp_ajax_handywriter_image_generator · includes\image-generator.php:28
auth · wp_ajax_handywriter_image_save_to_media_library · includes\image-generator.php:29
auth · wp_ajax_handywriter_create_audio · includes\tts.php:32
WordPress Hooks 23
action · network_admin_menu · includes\admin\dashboard.php:41
action · admin_menu · includes\admin\dashboard.php:43
action · admin_menu · includes\admin\dashboard.php:46
filter · admin_body_class · includes\admin\dashboard.php:48
action · add_meta_boxes · includes\admin\dashboard.php:54
action · admin_head · includes\admin\dashboard.php:55
action · admin_init · includes\admin\dashboard.php:56
filter · mce_external_plugins · includes\admin\dashboard.php:807
filter · mce_buttons · includes\admin\dashboard.php:808
action · init · includes\core.php:26
action · init · includes\core.php:27
action · admin_enqueue_scripts · includes\core.php:28
action · admin_enqueue_scripts · includes\core.php:29
action · enqueue_block_editor_assets · includes\core.php:30
action · init · includes\history.php:25
action · init · includes\history.php:26
filter · handywriter_history_post_title · includes\history.php:28
action · admin_enqueue_scripts · includes\image-generator.php:27
action · admin_enqueue_scripts · includes\tts.php:33
action · media_buttons · includes\tts.php:34
action · admin_footer · includes\tts.php:35
filter · media_send_to_editor · includes\tts.php:36
action · plugins_loaded · plugin.php:68
Maintenance & Trust

Handywriter – AI-Powered Assistant for WordPress – Powered by GPT-4o & ChatGPT & DALL-E Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 23, 2025
PHP min version: 7.2.5
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Handywriter – AI-Powered Assistant for WordPress – Powered by GPT-4o & ChatGPT & DALL-E Developer Profile

handyplugins

10 plugins · 8K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Handywriter – AI-Powered Assistant for WordPress – Powered by GPT-4o & ChatGPT & DALL-E

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/handywriter/dist/js/classic-editor.js
/wp-content/plugins/handywriter/dist/js/admin.js
/wp-content/plugins/handywriter/dist/js/block-editor.js
/wp-content/plugins/handywriter/dist/css/admin.css
Script Paths
/wp-content/plugins/handywriter/dist/js/classic-editor.js
/wp-content/plugins/handywriter/dist/js/admin.js
/wp-content/plugins/handywriter/dist/js/block-editor.js
Version Parameters
/wp-content/plugins/handywriter/dist/js/classic-editor.js?ver=1.4.3
/wp-content/plugins/handywriter/dist/js/admin.js?ver=1.4.3
/wp-content/plugins/handywriter/dist/js/block-editor.js?ver=1.4.3
/wp-content/plugins/handywriter/dist/css/admin.css?ver=1.4.3

HTML / DOM Fingerprints

Data Attributes
data-hw-image-prompt
data-hw-image-size
data-hw-image-count
JS Globals
HandywriterAdmin
FAQ

Frequently Asked Questions about Handywriter – AI-Powered Assistant for WordPress – Powered by GPT-4o & ChatGPT & DALL-E