Nextservice AI – Customer Support & Booking Security & Risk Analysis

wordpress.org/plugins/nextservice-ai

Add AI-powered customer support, live chat and automated booking to your WordPress site.

0 active installs v1.0.0 PHP 7.4+ WP 5.0+ Updated Feb 17, 2025
appointmentsartificial-intelligencebooking-systemchatbotcustomer-support
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Nextservice AI – Customer Support & Booking Safe to Use in 2026?

Generally Safe

Score 92/100

Nextservice AI – Customer Support & Booking has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The nextservice-ai plugin version 1.0.0 exhibits a generally strong security posture based on the provided static analysis. A significant strength is the complete absence of direct SQL injection vulnerabilities, with all queries utilizing prepared statements. Furthermore, the plugin demonstrates excellent output escaping practices, with 98% of outputs being properly handled, and a robust implementation of nonce and capability checks, with every identified entry point having at least one of these security measures in place. The total absence of known CVEs and a clean vulnerability history are also positive indicators of the plugin's security.

However, a few areas warrant attention. While the attack surface is relatively small with only 5 entry points, and none are explicitly stated as unprotected, the analysis doesn't detail the specific permission checks on all AJAX handlers. Although capability checks are present, the exact conditions for execution are not fully elaborated. The presence of file operations and external HTTP requests, while not inherently insecure, represent potential avenues for exploitation if not meticulously managed. The taint analysis, though showing no critical or high severity unsanitized paths, is based on a limited number of flows (3), which might not capture all potential risks.

In conclusion, nextservice-ai v1.0.0 appears to be a well-developed plugin with a strong emphasis on fundamental security practices like prepared statements and output escaping. The lack of historical vulnerabilities is encouraging. The primary areas for continued vigilance would be a thorough review of the authorization logic for all AJAX endpoints and careful management of file operations and external requests to mitigate any potential indirect vulnerabilities. The limited scope of the taint analysis suggests that further, more comprehensive dynamic analysis might be beneficial to ensure complete security coverage.

Vulnerabilities
None known

Nextservice AI – Customer Support & Booking Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Nextservice AI – Customer Support & Booking Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

Nextservice AI – Customer Support & Booking Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
10 prepared
Unescaped Output
2
116 escaped
Nonce Checks
6
Capability Checks
4
File Operations
1
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared10 total queries

Output Escaping

98% escaped118 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
admin_notices (nextservice-ai.php:106)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Nextservice AI – Customer Support & Booking Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 4

authwp_ajax_refresh_branchesnextservice-ai.php:53
authwp_ajax_save_general_settingsnextservice-ai.php:54
authwp_ajax_save_chatbot_settingsnextservice-ai.php:55
authwp_ajax_save_page_branch_mappingsnextservice-ai.php:56

Shortcodes 1

[nextservice_booking] nextservice-ai.php:52
WordPress Hooks 5
actionadmin_menunextservice-ai.php:46
actionadmin_initnextservice-ai.php:47
actionadmin_noticesnextservice-ai.php:49
actionwp_footernextservice-ai.php:51
actionplugins_loadednextservice-ai.php:767
Maintenance & Trust

Nextservice AI – Customer Support & Booking Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 17, 2025
PHP min version7.4
Downloads601

Community Trust

Rating100/100
Number of ratings1
Active installs0
Developer Profile

Nextservice AI – Customer Support & Booking Developer Profile

nextserviceai

1 plugin · 0 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Nextservice AI – Customer Support & Booking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nextservice-ai/assets/css/styles.css/wp-content/plugins/nextservice-ai/assets/js/scripts.js/wp-content/plugins/nextservice-ai/assets/css/booking.css/wp-content/plugins/nextservice-ai/assets/js/booking.js
Script Paths
https://api.nextservice.ai/build/assets/embed.js
Version Parameters
nextservice-ai/assets/css/styles.css?ver=nextservice-ai/assets/js/scripts.js?ver=nextservice-ai/assets/css/booking.css?ver=nextservice-ai/assets/js/booking.js?ver=https://api.nextservice.ai/build/assets/embed.js?ver=

HTML / DOM Fingerprints

CSS Classes
nextservice-booking-wrapperembed-container
HTML Comments
Nextservice AI Booking Shortcode Output
Data Attributes
branch-idorg-idorg-urldata-nonce
JS Globals
NextserviceAInextservice_ai_params
REST Endpoints
/wp-json/nextservice-ai/v1/settings/wp-json/nextservice-ai/v1/branches
Shortcode Output
<div id="nextservice-booking" data-nonce="<section class="embed-container" branch-id="org-id="org-url="
FAQ

Frequently Asked Questions about Nextservice AI – Customer Support & Booking