AI Search Bar Security & Risk Analysis

wordpress.org/plugins/open-ai-search-bar

Add a ChatGPT-style AI search bar via shortcode. Responds to prompts using OpenAI’s API (does not search site content).

30 active installs · v2.1 · PHP 7.4+ · WP 5.7+ · Updated May 20, 2025
Tags: ai, ai-search-bar, chat, chatgpt, gpt
79
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Apr 1, 2025
Safety Verdict

Is AI Search Bar Safe to Use in 2026?

Mostly Safe

Score 79/100

AI Search Bar is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Apr 1, 2025 · Updated 10mo ago
Risk Assessment

The "open-ai-search-bar" plugin v2.1 exhibits a concerning security posture, primarily due to significant weaknesses in its handling of entry points and database interactions. The presence of two AJAX handlers without authentication checks creates a direct attack vector that could be exploited by unauthenticated users. Furthermore, the complete absence of prepared statements for all SQL queries is a critical flaw, making the plugin highly susceptible to SQL injection vulnerabilities. The taint analysis indicating unsanitized paths, while not resulting in critical or high severity findings in this specific scan, is a red flag that, combined with the SQL query issues, suggests a high risk of data manipulation or leakage.

The plugin's vulnerability history, with a known medium-severity Cross-Site Scripting (XSS) vulnerability that is currently unpatched, further exacerbates these concerns. The fact that a vulnerability exists and remains unaddressed highlights a lack of ongoing security maintenance and testing. While the plugin doesn't appear to make external HTTP requests or perform file operations, which are positive aspects, these do not outweigh the fundamental security flaws identified. The overall impression is a plugin with a high risk profile due to unauthenticated entry points, critical SQL injection potential, and a history of unaddressed vulnerabilities.

Key Concerns

  • Unauthenticated AJAX handlers
  • SQL queries without prepared statements
  • Unpatched CVE (Medium severity)
  • Lack of nonce checks on AJAX
  • Low output escaping rate
  • Flows with unsanitized paths
Vulnerabilities
1

AI Search Bar Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-31563 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AI Search Bar <= 2.1 - Unauthenticated Stored Cross-Site Scripting

Apr 1, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

AI Search Bar Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 4 (3 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

43% escaped · 7 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
OASB_Add_AI_Search_Bar_Form (includes\utils.php:4)
Attack Surface
2 unprotected

AI Search Bar Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_OASB_Add_AI_Search_Bar_Form · includes\utils.php:2
nopriv · wp_ajax_OASB_Add_AI_Search_Bar_Form · includes\utils.php:3

Shortcodes 1

[ai_search_bar] includes\utils.php:50
WordPress Hooks 10
action · plugins_loaded · ai_search_bar.php:24
filter · plugin_action_links_open-ai-search-bar/ai_search_bar.php · ai_search_bar.php:46
action · plugins_loaded · includes\plugin.php:5
action · admin_enqueue_scripts · includes\plugin.php:23
action · wp_enqueue_scripts · includes\plugin.php:37
filter · plugin_row_meta · includes\plugin.php:69
action · admin_init · includes\settings.php:3
action · admin_print_footer_scripts · includes\settings.php:6
action · admin_menu · includes\settings.php:13
action · admin_notices · includes\settings.php:91
Maintenance & Trust

AI Search Bar Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 20, 2025
PHP min version: 7.4
Downloads: 5K

Community Trust

Rating: 60/100
Number of ratings: 4
Active installs: 30
Developer Profile

AI Search Bar Developer Profile

Vimal Kava

2 plugins · 530 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect AI Search Bar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/open-ai-search-bar/assets/css/admin-style.css
  • /wp-content/plugins/open-ai-search-bar/assets/js/admin-script.js
  • /wp-content/plugins/open-ai-search-bar/assets/css/ai-search-bar-style.css
  • /wp-content/plugins/open-ai-search-bar/assets/css/codemirror.css
  • /wp-content/plugins/open-ai-search-bar/assets/js/codemirror.js
  • /wp-content/plugins/open-ai-search-bar/assets/js/xml.js
  • /wp-content/plugins/open-ai-search-bar/assets/js/css.js
  • /wp-content/plugins/open-ai-search-bar/assets/js/javascript.js
  • +2 more

HTML / DOM Fingerprints

CSS Classes
infinity-ai-search-bar-form, infinity-search, infinity-searech-form
Data Attributes
id="input_ai_search_bar", id="ai_search_bar_key", id="submit_ai_search_bar", id="search_result"
JS Globals
request_globals
REST Endpoints
/wp-json/
Shortcode Output
[ai_search_bar]
FAQ

Frequently Asked Questions about AI Search Bar