WP-Safety

Inqyra Security & Risk Analysis

wordpress.org/plugins/inqyra

AI-powered chatbot that answers visitor questions based on your own WordPress content. Bring your own API key — zero markup.

0 active installs v1.1.5 PHP 8.1+ WP 6.2+ Updated Mar 26, 2026
ai-chatbotchatbotlive-chatopenairag
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Inqyra Safe to Use in 2026?

Generally Safe

Score 100/100

Inqyra has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "inqyra" v1.1.5 plugin exhibits a mixed security posture. On one hand, it demonstrates strong adherence to secure coding practices with 100% of SQL queries using prepared statements and all output properly escaped. The presence of numerous nonce and capability checks (42 and 43 respectively) also suggests an awareness of securing WordPress functionalities. Furthermore, the plugin's vulnerability history is clean, with no recorded CVEs, indicating a history of robust security.

However, a significant concern arises from the extensive attack surface exposed through AJAX handlers. All 24 identified AJAX handlers lack authentication checks, making them direct entry points for potential attackers. While no critical or high severity taint flows were explicitly detailed, the 5 flows with unsanitized paths within the analyzed 14 taint flows are a serious red flag. These unsanitized paths, combined with the unprotected AJAX endpoints, create a high probability of exploitation if an attacker can trigger these flows. The bundled libraries, Select2 and Freemius v1.0, also warrant attention for potential version-specific vulnerabilities, although no specific issues are detailed here.

In conclusion, "inqyra" v1.1.5 has strengths in its database interaction and output handling. Nevertheless, the lack of authentication on a large number of AJAX handlers and the presence of unsanitized paths in taint flows represent critical security weaknesses that significantly elevate the risk profile of this plugin. Immediate attention should be directed towards securing these AJAX endpoints.

Key Concerns

  • All AJAX handlers lack authentication checks
  • 5 flows with unsanitized paths found
  • Bundled library Select2 (version not specified)
  • Bundled library Freemius v1.0 (potential outdated version)
Vulnerabilities
None known

Inqyra Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Inqyra Release Timeline

v1.1.5Current
v1.1.4
Code Analysis
Analyzed Apr 16, 2026

Inqyra Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
331 prepared
Unescaped Output
1
893 escaped
Nonce Checks
42
Capability Checks
43
File Operations
9
External Requests
9
Bundled Libraries
2

Bundled Libraries

Select2Freemius1.0

SQL Query Safety

100% prepared331 total queries

Output Escaping

100% escaped894 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

14 flows5 with unsanitized paths
ajax_get_crawl_status (admin/class-inqyra-admin.php:1305)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
24 unprotected

Inqyra Attack Surface

Entry Points24
Unprotected24

AJAX Handlers 24

authwp_ajax_inqyra_save_settingsincludes/class-inqyra.php:249
authwp_ajax_inqyra_save_agentincludes/class-inqyra.php:250
authwp_ajax_inqyra_trigger_crawlincludes/class-inqyra.php:251
authwp_ajax_inqyra_get_crawl_statusincludes/class-inqyra.php:252
authwp_ajax_inqyra_get_embedding_statsincludes/class-inqyra.php:253
authwp_ajax_inqyra_get_chunks_for_embeddingincludes/class-inqyra.php:254
authwp_ajax_inqyra_save_embeddingincludes/class-inqyra.php:255
authwp_ajax_inqyra_mark_embedding_failedincludes/class-inqyra.php:256
authwp_ajax_inqyra_create_agentincludes/class-inqyra.php:257
authwp_ajax_inqyra_search_pagesincludes/class-inqyra.php:258
authwp_ajax_inqyra_get_page_titlesincludes/class-inqyra.php:259
authwp_ajax_inqyra_dismiss_recrawl_noticeincludes/class-inqyra.php:260
authwp_ajax_inqyra_crawl_single_postincludes/class-inqyra.php:261
authwp_ajax_inqyra_export_conversationsincludes/class-inqyra.php:262
authwp_ajax_inqyra_export_diagnosticsincludes/class-inqyra.php:263
authwp_ajax_inqyra_archive_conversationincludes/class-inqyra.php:265
authwp_ajax_inqyra_delete_conversationincludes/class-inqyra.php:266
authwp_ajax_inqyra_refresh_modelsincludes/class-inqyra.php:268
authwp_ajax_inqyra_validate_api_keyincludes/class-inqyra.php:270
authwp_ajax_inqyra_delete_api_keyincludes/class-inqyra.php:271
authwp_ajax_inqyra_save_wizard_stateincludes/class-inqyra.php:272
authwp_ajax_inqyra_get_agentincludes/class-inqyra.php:273
authwp_ajax_inqyra_complete_wizardincludes/class-inqyra.php:274
authwp_ajax_inqyra_prompt_builder_chatincludes/class-inqyra.php:275
WordPress Hooks 28
actionadmin_footeradmin/class-inqyra-admin.php:282
actionadmin_footeradmin/class-inqyra-admin.php:428
filterscript_loader_tagadmin/class-inqyra-admin.php:448
actionadmin_footeradmin/class-inqyra-admin.php:510
filterrest_pre_serve_requestapi/class-inqyra-rest-api.php:43
filtercron_schedulesincludes/class-inqyra-activator.php:344
actionadmin_initincludes/class-inqyra.php:238
actionadmin_menuincludes/class-inqyra.php:241
actionadmin_enqueue_scriptsincludes/class-inqyra.php:243
actionadmin_enqueue_scriptsincludes/class-inqyra.php:244
actionadmin_enqueue_scriptsincludes/class-inqyra.php:245
actionadmin_initincludes/class-inqyra.php:277
actionadmin_noticesincludes/class-inqyra.php:279
actionrest_api_initincludes/class-inqyra.php:289
actionwp_enqueue_scriptsincludes/class-inqyra.php:297
actionwp_enqueue_scriptsincludes/class-inqyra.php:298
actionwp_footerincludes/class-inqyra.php:300
filtercron_schedulesincludes/class-inqyra.php:308
actioninqyra_process_embeddingsincludes/class-inqyra.php:310
actioninqyra_archive_conversationsincludes/class-inqyra.php:311
actioninqyra_run_crawlincludes/class-inqyra.php:312
actioninqyra_auto_recrawlincludes/class-inqyra.php:313
actionsave_postincludes/class-inqyra.php:315
actionafter_license_activationinqyra.php:55
filterplugin_iconinqyra.php:59
actionafter_uninstallinqyra.php:63
actionadmin_noticesinqyra.php:186
actionadmin_noticesinqyra.php:201

Scheduled Events 5

inqyra_process_embeddings
inqyra_archive_conversations
inqyra_check_ended_conversations
inqyra_clean_webhook_logs
inqyra_auto_recrawl
Maintenance & Trust

Inqyra Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 26, 2026
PHP min version8.1
Downloads209

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Inqyra Alternatives

HybridAI Chatbot

HybridAI Chatbot

hybridai-chatbot

A
100

Automatically integrates the HybridAI Chatbot into your WordPress site, allowing users to chat with an AI assistant powered by HybridAI.

0 No CVEs
Lime Connect (formerly Userlike) – WordPress Live Chat plugin

Lime Connect (formerly Userlike) – WordPress Live Chat plugin

userlike

A
100

Free live chat plugin to chat with the visitors of your website. Integrate a beautiful and fully customizable chat box. Hosted in Europe.

1K 1 CVE
Live Chat & AI Chatbot – onWebChat

Live Chat & AI Chatbot – onWebChat

onwebchat

A
99

Add live chat and a 24/7 AI chatbot to your site. Engage visitors instantly, automate support, and convert more visitors into customers.

700 1 CVE
Social Intents – Live Chat

Social Intents – Live Chat

live-chat-support-by-social-intents

B
79

AI Chatbot & Live Chat plugin for WordPress. Chat with visitors using ChatGPT, Claude, Gemini, Slack, Teams, and Google Chat.

400 1 unpatched
AI Chatbot for WordPress by Customerly

AI Chatbot for WordPress by Customerly

customerly

A
85

AI Chatbot to support customers, create engaging messages and send automated emails.

300 No CVEs
Developer Profile

Inqyra Developer Profile

ipportunities

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Inqyra

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/inqyra/assets/css/inqyra-admin-style.css/wp-content/plugins/inqyra/assets/css/inqyra-chatbot.css/wp-content/plugins/inqyra/assets/css/inqyra-frontend.css/wp-content/plugins/inqyra/assets/js/inqyra-admin.js/wp-content/plugins/inqyra/assets/js/inqyra-chatbot.js/wp-content/plugins/inqyra/assets/js/inqyra-frontend.js/wp-content/plugins/inqyra/assets/js/inqyra-vendor.js
Version Parameters
inqyra/assets/css/inqyra-admin-style.css?ver=inqyra/assets/css/inqyra-chatbot.css?ver=inqyra/assets/css/inqyra-frontend.css?ver=inqyra/assets/js/inqyra-admin.js?ver=inqyra/assets/js/inqyra-chatbot.js?ver=inqyra/assets/js/inqyra-frontend.js?ver=inqyra/assets/js/inqyra-vendor.js?ver=

HTML / DOM Fingerprints

CSS Classes
inqyra-chatbot-iconinqyra-chatbot-widgetinqyra-chat-bubbleinqyra-chat-messageinqyra-chat-input-wrapper
HTML Comments
<!-- Inqyra Admin Page --><!-- Inqyra Chatbot Widget --><!-- Inqyra Chat Bubble -->
Data Attributes
data-inqyra-api-keydata-inqyra-modeldata-inqyra-widget-id
JS Globals
inqyraChatbotinqyraSettings
REST Endpoints
/wp-json/inqyra/v1/message/wp-json/inqyra/v1/conversations
Shortcode Output
[inqyra_chat]
FAQ

Frequently Asked Questions about Inqyra