WP-Safety

miniOrange AI Agent Security & Risk Analysis

wordpress.org/plugins/miniorange-ai-agent

WordPress 6.9 Abilities API integration: register abilities, REST /chat endpoint, AI Agent chat UI, execution logging, AI-powered tools, OAuth 2.

0 active installs v1.1.0 PHP 7.4+ WP 6.9+ Updated Apr 6, 2026
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is miniOrange AI Agent Safe to Use in 2026?

Generally Safe

Score 100/100

miniOrange AI Agent has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "miniorange-ai-agent" v1.1.0 plugin exhibits a strong security posture based on the provided static analysis. The complete absence of direct attack surface entry points like AJAX handlers, REST API routes, and shortcodes, as well as zero unprotected entry points, is a significant strength. The code also demonstrates good practices by utilizing prepared statements for all SQL queries and a very high percentage of properly escaped output, minimizing the risk of common vulnerabilities like SQL injection and cross-site scripting. The presence of nonce and capability checks further reinforces security.

However, a single external HTTP request represents a potential, albeit unanalyzed, vector for risk. While the taint analysis shows no unsanitized paths, the nature and handling of this external request would require deeper inspection. The plugin's clean vulnerability history with zero known CVEs is a positive indicator of past security diligence and robustness. Overall, the plugin appears to be developed with security in mind, but the single external HTTP request warrants attention for a comprehensive risk assessment.

Key Concerns

  • External HTTP request present
Vulnerabilities
None known

miniOrange AI Agent Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

miniOrange AI Agent Release Timeline

v1.1.0Current
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

miniOrange AI Agent Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
1
130 escaped
Nonce Checks
3
Capability Checks
17
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

99% escaped131 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
mo_llm_handle_authorize_flow (includes/class-moaiagent-oauth-connector.php:192)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

miniOrange AI Agent Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 23
actionwp_abilities_api_categories_initincludes/class-moaiagent-abilities.php:26
actionwp_abilities_api_initincludes/class-moaiagent-abilities.php:27
actionadmin_enqueue_scriptsincludes/class-moaiagent-abilities.php:28
filterwp_register_ability_argsincludes/class-moaiagent-abilities.php:30
actionadmin_footerincludes/class-moaiagent-abilities.php:584
actioninitincludes/class-moaiagent-oauth-connector.php:39
actionwp_enqueue_scriptsincludes/class-moaiagent-oauth-connector.php:40
filterquery_varsincludes/class-moaiagent-oauth-connector.php:41
actionparse_requestincludes/class-moaiagent-oauth-connector.php:43
actiontemplate_redirectincludes/class-moaiagent-oauth-connector.php:45
actionrest_api_initincludes/class-moaiagent-oauth-connector.php:47
filterdetermine_current_userincludes/class-moaiagent-oauth-connector.php:49
filterrest_authentication_errorsincludes/class-moaiagent-oauth-connector.php:50
actionrest_api_initincludes/class-moaiagent-oauth-connector.php:52
filterrest_pre_dispatchincludes/class-moaiagent-oauth-connector.php:55
filterlogin_redirectincludes/class-moaiagent-oauth-connector.php:59
filteradmin_email_check_intervalincludes/class-moaiagent-oauth-connector.php:61
actionrest_api_initincludes/class-moaiagent-rest.php:23
actionadmin_initincludes/class-moaiagent-support.php:23
actionadmin_menuincludes/class-moaiagent-ui.php:21
actionadmin_enqueue_scriptsincludes/class-moaiagent-ui.php:22
actionplugins_loadedmoaiagent-bot.php:50
actionadmin_noticesmoaiagent-bot.php:64
Maintenance & Trust

miniOrange AI Agent Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 6, 2026
PHP min version7.4
Downloads126

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

miniOrange AI Agent Alternatives

No alternatives data available yet.

Developer Profile

miniOrange AI Agent Developer Profile

miniOrange

41 plugins · 83K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
324 days
View full developer profile
Detection Fingerprints

How We Detect miniOrange AI Agent

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/miniorange-ai-agent/assets/css/moaiagent-admin.css/wp-content/plugins/miniorange-ai-agent/assets/js/moaiagent-admin.js/wp-content/plugins/miniorange-ai-agent/assets/css/moaiagent-ai-client.css/wp-content/plugins/miniorange-ai-agent/assets/js/moaiagent-ai-client.js
Script Paths
/wp-content/plugins/miniorange-ai-agent/assets/js/moaiagent-admin.js/wp-content/plugins/miniorange-ai-agent/assets/js/moaiagent-ai-client.js
Version Parameters
miniorange-ai-agent/assets/css/moaiagent-admin.css?ver=miniorange-ai-agent/assets/js/moaiagent-admin.js?ver=miniorange-ai-agent/assets/css/moaiagent-ai-client.css?ver=miniorange-ai-agent/assets/js/moaiagent-ai-client.js?ver=

HTML / DOM Fingerprints

CSS Classes
moaiagent-admin-settings
Data Attributes
data-moaiagent-plugin-file
JS Globals
MoAIAgentAdminMoAIAgentAIClient
REST Endpoints
/wp-json/moaiagent/v1/chat
FAQ

Frequently Asked Questions about miniOrange AI Agent