NGM Content AI Security & Risk Analysis

wordpress.org/plugins/ngm-content-ai

Generate high-quality WordPress posts and images with AI-powered content using Google Gemini and Pollinations.ai.

20 active installs · v1.0.0 · PHP 7.4+ · WP 5.8+ · Updated Feb 15, 2026
Tags: ai, ai-writing, content-generator, gemini, image-generation
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is NGM Content AI Safe to Use in 2026?

Generally Safe

Score 100/100

NGM Content AI has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The ngm-content-ai v1.0.0 plugin exhibits a concerning security posture primarily due to its unprotected AJAX handlers. While the plugin demonstrates good practices in its use of prepared statements for SQL queries and output escaping, the presence of four AJAX handlers without authentication checks represents a significant attack surface. This lack of authorization on critical entry points could allow unauthenticated users to trigger potentially sensitive actions or expose information.

The taint analysis further highlights this concern, revealing two flows with unsanitized paths, classified as high severity. Although no critical vulnerabilities were identified, these high-severity taint flows, combined with the unprotected AJAX endpoints, suggest a real risk of privilege escalation or data manipulation if these paths can be triggered by malicious actors.

The plugin's vulnerability history is clean, with zero recorded CVEs. This is a positive indicator, suggesting that the development team may have a good understanding of secure coding practices, or perhaps the plugin is not widely targeted. However, the absence of historical vulnerabilities should not overshadow the immediate risks identified in the static and taint analyses. The strengths lie in the predominantly safe handling of SQL and output, but the weaknesses in authentication and sanitization of specific code paths are significant and warrant immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
Vulnerabilities
None known

NGM Content AI Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

NGM Content AI Release Timeline

v1.0.0 (Current)
Code Analysis
Analyzed Mar 16, 2026

NGM Content AI Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 8 (34 prepared)
Unescaped Output: 9 (127 escaped)
Nonce Checks: 5
Capability Checks: 5
File Operations: 1
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

81% prepared · 42 total queries

Output Escaping

93% escaped · 136 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
get_history (admin\ajax\class-ajax-handler.php:512)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
4 unprotected

NGM Content AI Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_ngmcai_generate_content · includes\class-ngm-content-ai.php:108
auth · wp_ajax_ngmcai_generate_image · includes\class-ngm-content-ai.php:109
auth · wp_ajax_ngmcai_upload_image · includes\class-ngm-content-ai.php:110
auth · wp_ajax_ngmcai_save_post · includes\class-ngm-content-ai.php:111
WordPress Hooks 4
action · admin_enqueue_scripts · includes\class-ngm-content-ai.php:96
action · admin_enqueue_scripts · includes\class-ngm-content-ai.php:97
action · admin_menu · includes\class-ngm-content-ai.php:100
action · admin_init · includes\class-ngm-content-ai.php:104
Maintenance & Trust

NGM Content AI Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 15, 2026
PHP min version: 7.4
Downloads: 240

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

NGM Content AI Developer Profile

Nabin Gharti Magar

1 plugin · 20 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect NGM Content AI

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ngm-content-ai/admin/assets/css/ngm-content-ai-admin.css
/wp-content/plugins/ngm-content-ai/admin/assets/js/ngm-content-ai-admin.js
Version Parameters
ngm-content-ai/admin/assets/css/ngm-content-ai-admin.css?ver=
ngm-content-ai/admin/assets/js/ngm-content-ai-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-ngmcai-studio
JS Globals
ngmcaiStudio
FAQ

Frequently Asked Questions about NGM Content AI