KimaAI | AI Chatbot, ChatGPT content writer and more Security & Risk Analysis

wordpress.org/plugins/kimaai

KimaAI is the first true all-in-one AI plugin for WordPress.

0 active installs · v1.4.7 · PHP 8.0+ · WP 6.0+ · Updated Mar 13, 2026
Tags: ai, artificial-intelligence, assistant, chatbot, translate
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is KimaAI | AI Chatbot, ChatGPT content writer and more Safe to Use in 2026?

Generally Safe

Score 100/100

KimaAI | AI Chatbot, ChatGPT content writer and more has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 21d ago
Risk Assessment

The "kimaai" plugin version 1.4.7 exhibits a generally positive security posture with several good practices observed. A high percentage of SQL queries utilize prepared statements (84%) and output escaping is also well-handled (90%). The plugin also demonstrates good use of capability checks (15) and a reasonable number of nonce checks (1) for its entry points. Notably, there is no recorded vulnerability history, suggesting a history of secure development or diligent patching by the developers.

However, the plugin's REST API attack surface raises concerns. Of its 19 REST API routes, 5 lack permission callbacks, which creates a significant risk of unauthorized access and data manipulation if these endpoints are not properly secured within the plugin's logic. While the static analysis did not detect any dangerous functions or unsanitized taint flows, the unprotected REST API routes present a clear vulnerability vector that requires immediate attention. The plugin also bundles one library (Freemius v1.0); its security implications depend on its version and integration.

In conclusion, "kimaai" v1.4.7 has strengths in its code hygiene for SQL and output handling, and a clean vulnerability history. Nevertheless, the unsecured REST API endpoints are a critical weakness that significantly elevates the risk profile of this plugin. Further investigation into the functionality of these unprotected routes is highly recommended.

Key Concerns

  • REST API routes without permission callbacks
Vulnerabilities
None known

KimaAI | AI Chatbot, ChatGPT content writer and more Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

KimaAI | AI Chatbot, ChatGPT content writer and more Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 17 (91 prepared)
Unescaped Output: 3 (28 escaped)
Nonce Checks: 1
Capability Checks: 15
File Operations: 10
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

84% prepared · 108 total queries

Output Escaping

90% escaped · 31 total outputs
Attack Surface
5 unprotected

KimaAI | AI Chatbot, ChatGPT content writer and more Attack Surface

Entry Points: 20
Unprotected: 5

REST API Routes 19

GET /wp-json/kimaai/v1/settings-schema app\Admin\Settings.php:128
GET /wp-json/kimaai/v1/settings-export app\Admin\Settings.php:142
POST /wp-json/kimaai/v1/settings-import app\Admin\Settings.php:185
GET /wp-json/kimaai/v1/wizard/config app\Admin\Wizard\Wizard.php:45
GET /wp-json/kimaai/v1/wizard/state app\Admin\Wizard\Wizard.php:51
POST /wp-json/kimaai/v1/wizard/complete app\Admin\Wizard\Wizard.php:57
POST /wp-json/kimaai/v1/wizard/reset app\Admin\Wizard\Wizard.php:77
POST /wp-json/kimaai/v1/playground/(?P<action>[a-zA-Z0-9-_]+) app\Ai\Playground.php:38
GET /wp-json/kimaai/v1/playground/image-history app\Ai\Playground.php:48
POST /wp-json/kimaai/v1/playground/image-history/delete app\Ai\Playground.php:58
POST /wp-json/kimaai/v1/test-connection app\Ai\RestApi.php:32
POST /wp-json/kimaai/v1/chatbot app\ChatBot\ChatBot.php:47
GET /wp-json/kimaai/v1/chatbot/history app\ChatBot\ChatBot.php:68
POST /wp-json/kimaai/v1/chatbot/history/clear app\ChatBot\ChatBot.php:80
GET /wp-json/kimaai/v1/chatbot/all app\ChatBot\ChatBot.php:89
POST /wp-json/kimaai/v1/chatbot/delete app\ChatBot\ChatBot.php:102
POST /wp-json/kimaai/v1/chatbot/feedback/message app\ChatBot\ChatbotFeedback.php:20
POST /wp-json/kimaai/v1/chatbot/feedback/csat app\ChatBot\ChatbotFeedback.php:56
GET /wp-json/kimaai/v1/show-log app\Logger.php:65

Shortcodes 1

[kimaai_chatbot] app\ChatBot\ChatbotAssets.php:16
WordPress Hooks 20
action cli_init app\Addons\AddonManager.php:40
action admin_menu app\Admin\AdminInit.php:19
action admin_head app\Admin\AdminInit.php:22
action admin_enqueue_scripts app\Admin\Assets.php:24
filter debug_information app\Admin\DebugInfo.php:14
action init app\Admin\Settings.php:59
action rest_api_init app\Admin\Settings.php:61
action init app\Admin\SettingsI18n.php:77
action admin_menu app\Admin\Wizard\Wizard.php:25
filter kimaai_chatbot_gate app\Ai\Security.php:35
filter kimaai_chatbot_gate app\Ai\Security.php:39
action wp_enqueue_scripts app\ChatBot\ChatbotAssets.php:19
action admin_enqueue_scripts app\ChatBot\ChatbotAssets.php:22
action wp_footer app\ChatBot\ChatbotAssets.php:35
action kimaai_db_update_runner app\Database\Migrator.php:37
action init app\Database\Migrator.php:40
action plugins_loaded app\KimaAI.php:30
action admin_init app\KimaAI.php:77
action admin_notices app\KimaAI.php:80
action rest_api_init app\Logger.php:37
Maintenance & Trust

KimaAI | AI Chatbot, ChatGPT content writer and more Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 8.0
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

KimaAI | AI Chatbot, ChatGPT content writer and more Developer Profile

Nabi Abdi

3 plugins · 500 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect KimaAI | AI Chatbot, ChatGPT content writer and more

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kimaai/build/admin/admin.css
/wp-content/plugins/kimaai/build/admin/index.js
/wp-content/plugins/kimaai/assets/fonts/persian/yekan-font.css
Script Paths
/wp-content/plugins/kimaai/build/admin/index.js
Version Parameters
kimaai-admin?ver=
kimaai-admin-rtl?ver=

HTML / DOM Fingerprints

CSS Classes
kimaai-admin-page
Data Attributes
data-kimaai-chatbox
JS Globals
window.__KIMAAI_CODE_EDITOR_SETTINGS__
kimaaiAdmin
REST Endpoints
/kimaai/v1
Shortcode Output
[kimaai_chatbot]