Does Mori AI Search have any unpatched vulnerabilities?

No. All known vulnerabilities in Mori AI Search have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Mori AI Search compatible with WordPress 6.9.4?

According to WordPress.org data, Mori AI Search 1.0.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Mori AI Search updated?

Mori AI Search was last updated on Dec 23, 2025. Frequent updates are generally a positive security signal.

What is Mori AI Search's security score?

Mori AI Search has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Mori AI Search Security & Risk Analysis

wordpress.org/plugins/mori-ai-search

Tired of website search that doesn't work? Mori AI Search upgrades your site’s search from basic keyword matching to smart, context-aware results.

30 active installs v1.0.4 PHP + WP 6.0+ Updated Dec 23, 2025

aichatgptopenaisearch

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Mori AI Search Safe to Use in 2026?

Generally Safe

Score 100/100

Mori AI Search has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The mori-ai-search v1.0.4 plugin exhibits a generally good security posture, with no known historical vulnerabilities. The code analysis shows a strong reliance on prepared statements for SQL queries and a reasonable percentage of properly escaped outputs, indicating an awareness of common web security pitfalls. Furthermore, the presence of capability checks for most entry points suggests an effort to enforce authorization. However, there are specific areas that warrant attention. The presence of 2 REST API routes without permission callbacks represents a direct attack vector that could be exploited by unauthenticated users to potentially gain unauthorized access or manipulate data. Additionally, a taint analysis revealing a flow with an unsanitized path, even without a critical or high severity classification, indicates a potential for subtle vulnerabilities that might be overlooked. The plugin's lack of bundled libraries is a positive sign, reducing the risk of outdated and vulnerable third-party code.

Key Concerns

REST API routes without permission callbacks
Taint flow with unsanitized path
Incomplete output escaping

Vulnerabilities

None known

Mori AI Search Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Mori AI Search Code Analysis

Dangerous Functions

Raw SQL Queries

36 prepared

Unescaped Output

129 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

86% prepared42 total queries

Output Escaping

68% escaped189 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

aiws_search_settings_fields_no_id (mori-ai-search.php:2485)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Mori AI Search Attack Surface

Entry Points11

Unprotected2

REST API Routes 10

POST/wp-json/ai-search/v1/searchincludes\api.php:6

POST/wp-json/ai-search/v1/web-queryincludes\api.php:11

POST/wp-json/ai-search/v1/generate-promptincludes\api.php:16

POST/wp-json/ai-search/v1/custom-tags/addincludes\api.php:23

POST/wp-json/ai-search/v1/custom-tags/removeincludes\api.php:28

GET/wp-json/ai-search/v1/reindex-progressincludes\api.php:34

GET/wp-json/ai-search/v1/indexincludes\api.php:39

POST/wp-json/ai-search/v1/batch-saveincludes\api.php:45

POST/wp-json/ai-search/v1/prune-excludedincludes\api.php:51

POST/wp-json/ai-search/v1/index-missingincludes\api.php:57

Shortcodes 1

[aiws_search] mori-ai-search.php:2682

WordPress Hooks 15

actionrest_api_initincludes\api.php:5

actionaiws_search_reindex_eventmori-ai-search.php:942

actionbefore_delete_postmori-ai-search.php:988

actionsave_postmori-ai-search.php:993

actionadmin_menumori-ai-search.php:1054

actionadmin_initmori-ai-search.php:1691

filterpre_update_optionmori-ai-search.php:1885

actionupdate_option_aiws_search_site_typemori-ai-search.php:2290

actionwp_enqueue_scriptsmori-ai-search.php:2325

actionadmin_enqueue_scriptsmori-ai-search.php:2383

actionadmin_enqueue_scriptsmori-ai-search.php:2389

actionwp_footermori-ai-search.php:2580

actionadmin_head-nav-menus.phpmori-ai-search.php:2595

filterwalker_nav_menu_start_elmori-ai-search.php:2641

filterwp_nav_menu_itemsmori-ai-search.php:2664

Scheduled Events 2

aiws_search_reindex_event

Maintenance & Trust

Mori AI Search Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 23, 2025

PHP min version

Downloads509

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Mori AI Search Alternatives

Chatbot with ChatGPT WordPress

smartsearchwp

Turn your WordPress content into a ChatGPT-powered AI assistant with semantic search, contextual answers, and full control.

100 4 CVEs

WP AI CoPilot – AI content writer plugin, ChatGPT WordPress, GPT-3/4 , Ai assistance

ai-co-pilot-for-wp

AI Content Writing Assistant – A one-click solution that generates high-quality, unique content by utilizing AI (GPT4 , OpenAI).

1K 2 CVEs

WP Wand – Unlimited Content Generation using AI – for OpenAI, Claude, Openrouter and Deepseek

ai-content-generation

WP Wand is a powerful AI Content Writer for WordPress. Your AI Co-Pilot for generating content, powered by OpenAI, Claude, OpenRouter and Deepseek.

1K 1 unpatched

AI Copilot – ChatGPT Chatbot & AI Engine for Post Automation

ai-copilot

Boost productivity with ChatGPT AI Engine: automate content creation, enhance Gutenberg editing, and deploy AI chatbots for smarter, faster workflows.

1K 1 unpatched

AI Content Creator – Easy ChatGPT powered article generator

ai-content-creator

This plugin easily creates articles for new posts for your site using the same AI that powers ChatGPT.

600 1 unpatched

Developer Profile

Mori AI Search Developer Profile

Troy

2 plugins · 40 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Mori AI Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mori-ai-search/assets/css/mori-ai-search.css/wp-content/plugins/mori-ai-search/assets/js/mori-ai-search.js

Script Paths

/wp-content/plugins/mori-ai-search/assets/js/mori-ai-search.js

Version Parameters

mori-ai-search/assets/css/mori-ai-search.css?ver=mori-ai-search/assets/js/mori-ai-search.js?ver=

HTML / DOM Fingerprints

JS Globals

aiws_search_ajax_object

REST Endpoints

/wp-json/aiws-search/

FAQ