Mind Web Concierge Security & Risk Analysis

wordpress.org/plugins/mind-web-concierge

Mind Web Concierge is an intelligent WordPress assistant powered by RAG technology. It acts as a digital concierge for your website - guiding users th …

0 active installs · v1.1.3 · PHP 7.4+ · WP 6.0+ · Updated Apr 16, 2026
Tags: ai-chatbot, artificial-intelligence, automation, customer-support, rag
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Mind Web Concierge Safe to Use in 2026?

Generally Safe

Score 100/100

Mind Web Concierge has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'mind-web-concierge' v1.1.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and properly escaping the vast majority of its output. The plugin also includes a significant number of nonce and capability checks, indicating a general awareness of WordPress security mechanisms.

However, several concerns arise from the static analysis. The plugin exposes a considerable attack surface with 71 entry points, and a notable portion (4) lack proper authentication or permission checks. Specifically, 3 AJAX handlers and 1 REST API route are unprotected, presenting potential avenues for unauthorized access or manipulation. The taint analysis reveals a high severity flow with unsanitized paths, which is a significant concern that could lead to code injection or other critical vulnerabilities if exploited.

The absence of any recorded vulnerabilities in its history is a positive sign, suggesting the plugin has historically been secure, but it does not negate the immediate risks identified in the current code analysis. The presence of dangerous functions like set_time_limit and ini_set, while not directly flagged as vulnerabilities in this analysis, warrants careful review as they can be misused in certain contexts.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API route
  • High severity unsanitized path flow
  • Use of dangerous functions (set_time_limit, ini_set)
Vulnerabilities
None known

Mind Web Concierge Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Mind Web Concierge Release Timeline

v1.1.3 (Current)
v1.1.2
Code Analysis
Analyzed Apr 16, 2026

Mind Web Concierge Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 0 (132 prepared)
Unescaped Output: 4 (700 escaped)
Nonce Checks: 58
Capability Checks: 53
File Operations: 1
External Requests: 25
Bundled Libraries: 0

Dangerous Functions Found

set_time_limit · set_time_limit( 0 ); · includes/mindweco_ask_stream.php:136
ini_set · ini_set( 'zlib.output_compression', 'Off' ); // phpcs:ignore WordPress.PHP.IniSet.Risky · includes/mindweco_ask_stream.php:144
ini_set · ini_set( 'output_buffering', '0' ); // phpcs:ignore WordPress.PHP.IniSet.Risky · includes/mindweco_ask_stream.php:145
ini_set · ini_set( 'implicit_flush', '1' ); // phpcs:ignore WordPress.PHP.IniSet.Risky · includes/mindweco_ask_stream.php:146

SQL Query Safety

100% prepared · 132 total queries

Output Escaping

99% escaped · 704 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

20 flows · 4 with unsanitized paths
mindweco_knowledge_repository_login (includes/mindweco_knowledge_repository.php:31)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
4 unprotected

Mind Web Concierge Attack Surface

Entry Points: 71
Unprotected: 4

AJAX Handlers 69

auth · wp_ajax_mindweco_index_all_items · includes/mindweco_ajax.php:13
auth · wp_ajax_mindweco_delete_indexed_item · includes/mindweco_ajax.php:273
auth · wp_ajax_mindweco_get_stats · includes/mindweco_ajax.php:342
auth · wp_ajax_mindweco_get_indexed_table · includes/mindweco_ajax.php:393
auth · wp_ajax_mindweco_unindex_all_items · includes/mindweco_ajax.php:447
auth · wp_ajax_mindweco_refresh_access_token · includes/mindweco_ajax.php:499
auth · wp_ajax_mindweco_check_indexed_items · includes/mindweco_ajax.php:518
nopriv · wp_ajax_mindweco_check_indexed_items · includes/mindweco_ajax.php:519
auth · wp_ajax_mindweco_check_indexed_products · includes/mindweco_ajax.php:546
nopriv · wp_ajax_mindweco_check_indexed_products · includes/mindweco_ajax.php:547
auth · wp_ajax_mindweco_create_attach_llm_config_to_indexing · includes/mindweco_ajax.php:572
auth · wp_ajax_mindweco_update_llm_config · includes/mindweco_ajax.php:680
auth · wp_ajax_mindweco_delete_llm_config_ajax · includes/mindweco_ajax.php:767
auth · wp_ajax_mindweco_get_selection · includes/mindweco_ajax.php:897
auth · wp_ajax_mindweco_save_selection · includes/mindweco_ajax.php:933
auth · wp_ajax_mindweco_regenerate_welcome · includes/mindweco_ajax.php:955
auth · wp_ajax_mindweco_send_message_stream · includes/mindweco_ask_stream.php:12
nopriv · wp_ajax_mindweco_send_message_stream · includes/mindweco_ask_stream.php:13
auth · wp_ajax_mindweco_get_conversations_by_date · includes/mindweco_conversations.php:12
auth · wp_ajax_mindweco_get_conversations · includes/mindweco_conversations.php:77
auth · wp_ajax_mindweco_get_today_conversations · includes/mindweco_conversations.php:113
auth · wp_ajax_mindweco_delete_conversation · includes/mindweco_conversations.php:154
auth · wp_ajax_mindweco_get_citation_data · includes/mindweco_hooks.php:609
nopriv · wp_ajax_mindweco_get_citation_data · includes/mindweco_hooks.php:610
auth · wp_ajax_mindweco_add_to_cart · includes/mindweco_hooks.php:805
nopriv · wp_ajax_mindweco_add_to_cart · includes/mindweco_hooks.php:806
auth · wp_ajax_mindweco_knowledge_repository_login · includes/mindweco_knowledge_repository.php:29
auth · wp_ajax_mindweco_get_notebooks · includes/mindweco_knowledge_repository.php:104
auth · wp_ajax_mindweco_get_saved_page_based · includes/mindweco_knowledge_repository.php:155
auth · wp_ajax_mindweco_get_page_notebooks · includes/mindweco_knowledge_repository.php:191
auth · wp_ajax_mindweco_save_page_notebooks · includes/mindweco_knowledge_repository.php:216
auth · wp_ajax_mindweco_get_all_page_notebooks · includes/mindweco_knowledge_repository.php:251
auth · wp_ajax_mindweco_remove_page_notebooks · includes/mindweco_knowledge_repository.php:264
auth · wp_ajax_mindweco_remove_all_page_notebooks · includes/mindweco_knowledge_repository.php:287
auth · wp_ajax_mindweco_knowledge_repository_logout · includes/mindweco_knowledge_repository.php:302
auth · wp_ajax_mindweco_index_all_media_files · includes/mindweco_manage_media_files.php:11
auth · wp_ajax_mindweco_get_stats_files · includes/mindweco_manage_media_files.php:160
auth · wp_ajax_mindweco_fetch_media_files · includes/mindweco_manage_media_files.php:200
auth · wp_ajax_mindweco_get_indexed_table_files · includes/mindweco_manage_media_files.php:262
auth · wp_ajax_mindweco_delete_indexed_file · includes/mindweco_manage_media_files.php:341
auth · wp_ajax_mindweco_unindex_all_files · includes/mindweco_manage_media_files.php:429
auth · wp_ajax_mindweco_check_file_indexed · includes/mindweco_manage_media_files.php:562
auth · wp_ajax_delete-post · includes/mindweco_manage_media_files.php:643
auth · wp_ajax_mindweco_fetch_product_catalog · includes/mindweco_manage_product_catalog.php:13
auth · wp_ajax_mindweco_index_all_products · includes/mindweco_manage_product_catalog.php:79
auth · wp_ajax_mindweco_get_stats_product_catalog · includes/mindweco_manage_product_catalog.php:301
auth · wp_ajax_mindweco_refresh_access_token_products · includes/mindweco_manage_product_catalog.php:344
auth · wp_ajax_mindweco_get_indexed_table_products · includes/mindweco_manage_product_catalog.php:366
auth · wp_ajax_mindweco_delete_indexed_products · includes/mindweco_manage_product_catalog.php:442
auth · wp_ajax_mindweco_unindex_all_products · includes/mindweco_manage_product_catalog.php:513
auth · wp_ajax_mindweco_refresh_nonce · includes/mindweco_nonce_refresh.php:12
nopriv · wp_ajax_mindweco_refresh_nonce · includes/mindweco_nonce_refresh.php:13
auth · wp_ajax_mindweco_get_history · includes/mindweco_session.php:12
nopriv · wp_ajax_mindweco_get_history · includes/mindweco_session.php:13
auth · wp_ajax_mindweco_clear_history · includes/mindweco_session.php:78
nopriv · wp_ajax_mindweco_clear_history · includes/mindweco_session.php:79
auth · wp_ajax_mindweco_add_trial · includes/mindweco_subscription_handlers.php:69
auth · wp_ajax_mindweco_get_trial_status · includes/mindweco_subscription_handlers.php:114
nopriv · wp_ajax_mindweco_get_trial_status · includes/mindweco_subscription_handlers.php:115
auth · wp_ajax_mindweco_get_all_subscriptions · includes/mindweco_subscription_handlers.php:185
nopriv · wp_ajax_mindweco_get_all_subscriptions · includes/mindweco_subscription_handlers.php:186
auth · wp_ajax_mindweco_get_history_subscriptions · includes/mindweco_subscription_handlers.php:232
nopriv · wp_ajax_mindweco_get_history_subscriptions · includes/mindweco_subscription_handlers.php:233
auth · wp_ajax_mindweco_cancel_subscription · includes/mindweco_subscription_handlers.php:260
auth · wp_ajax_mindweco_reactivate_subscription · includes/mindweco_subscription_handlers.php:297
auth · wp_ajax_mindweco_add_trial_subscription · includes/mindweco_subscription_handlers.php:334
auth · wp_ajax_mindweco_add_trial_without_user · includes/mindweco_subscription_handlers.php:374
auth · wp_ajax_mindweco_download_invoice · includes/mindweco_subscription_handlers.php:413
auth · wp_ajax_mindweco_get_buy_url · includes/mindweco_subscription_handlers.php:468

REST API Routes 2

POST · /wp-json/mindweco/v1/calendly-webhook · includes/mindweco_hooks.php:204
GET · /wp-json/mindweb/v1/products · includes/mindweco_manage_product_catalog.php:264

WordPress Hooks 35

action · admin_enqueue_scripts · admin/mindweco_admin_conversations.php:12
action · admin_menu · admin/mindweco_item_settings.php:12
action · admin_enqueue_scripts · admin/mindweco_item_settings.php:92
action · admin_footer · admin/mindweco_item_settings.php:208
action · admin_enqueue_scripts · admin/mindweco_knowledge_repository.php:14
action · admin_enqueue_scripts · admin/mindweco_media_files.php:12
action · admin_enqueue_scripts · admin/mindweco_model_usage_settings.php:12
action · admin_enqueue_scripts · admin/mindweco_product_catalog_settings.php:12
action · admin_init · admin/mindweco_subscription_settings.php:13
action · admin_enqueue_scripts · admin/mindweco_subscription_settings.php:28
action · admin_init · includes/mindweco_activation.php:64
action · admin_init · includes/mindweco_activation.php:190
action · admin_init · includes/mindweco_activation.php:206
action · admin_enqueue_scripts · includes/mindweco_ajax.php:805
action · wp_footer · includes/mindweco_hooks.php:13
action · rest_api_init · includes/mindweco_hooks.php:201
action · init · includes/mindweco_hooks.php:215
action · wp_enqueue_scripts · includes/mindweco_hooks.php:224
action · wp_enqueue_scripts · includes/mindweco_hooks.php:379
action · transition_post_status · includes/mindweco_hooks.php:388
action · before_delete_post · includes/mindweco_hooks.php:403
action · transition_post_status · includes/mindweco_hooks.php:418
action · before_delete_post · includes/mindweco_hooks.php:523
action · wp_trash_post · includes/mindweco_hooks.php:594
action · add_attachment · includes/mindweco_manage_media_files.php:470
action · delete_attachment · includes/mindweco_manage_media_files.php:589
action · rest_api_init · includes/mindweco_manage_product_catalog.php:261
action · save_post_product · includes/mindweco_manage_product_catalog.php:552
action · woocommerce_update_product · includes/mindweco_manage_product_catalog.php:648
action · woocommerce_delete_product · includes/mindweco_manage_product_catalog.php:714
action · woocommerce_trash_product · includes/mindweco_manage_product_catalog.php:715
action · transition_post_status · includes/mindweco_manage_product_catalog.php:775
action · wp · includes/mindweco_session.php:112
action · mindweco_cleanup_transients · includes/mindweco_session.php:119
action · init · includes/mindweco_sitemap.php:12

Scheduled Events 1

mindweco_cleanup_transients
Maintenance & Trust

Mind Web Concierge Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 16, 2026
PHP min version: 7.4
Downloads: 63

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Mind Web Concierge Developer Profile

mindwebconcierge

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Mind Web Concierge

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mind-web-concierge/assets/css/jquery-ui.min.css
/wp-content/plugins/mind-web-concierge/assets/css/mindweco_conversations.css
/wp-content/plugins/mind-web-concierge/assets/js/components/Modal.js
/wp-content/plugins/mind-web-concierge/assets/js/components/Toast.js
/wp-content/plugins/mind-web-concierge/assets/js/components/Pagination.js
/wp-content/plugins/mind-web-concierge/assets/css/mindweco-pagination.css
/wp-content/plugins/mind-web-concierge/assets/js/mindweco_conversations.js
Version Parameters
mindweco-conversations-plugin-style?ver=1.1.3
mindweco-modal?ver=1.1.3
mindweco-toast?ver=1.1.3
mindweco-pagination?ver=1.1.3
mindweco-pagination-style?ver=1.1.3
mindweco-conversations-plugin-js?ver=1.1.3

HTML / DOM Fingerprints

CSS Classes
mindweco-conversations-wrap, page-header, header-content, header-icon, datepicker-wrapper, datepicker-all-row, filter-header, filter-icon, +3 more
Data Attributes
data-wp-nonce
JS Globals
mindwecoDataKnowledgeRepository
REST Endpoints
/wp-json/mind-web-concierge/v1/conversations