Plug ChatBot Security & Risk Analysis

wordpress.org/plugins/plug-chatbot

AI chatbot for WordPress with OpenAI-powered responses, visitor capture, email notifications, voice responses, and Knowledge Base file search.

0 active installs · v1.0.1 · PHP 7.4+ · WP 6.2+ · Updated Apr 10, 2026
Tags: ai, chatbot, customer-support, knowledge-base, openai
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Plug ChatBot Safe to Use in 2026?

Generally Safe

Score 100/100

Plug ChatBot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'plug-chatbot' v1.0.1 plugin demonstrates a generally good security posture with several strengths. Notably, all SQL queries are properly prepared, and all output is correctly escaped, indicating a strong defense against common injection and XSS vulnerabilities. The plugin also incorporates a good number of nonce and capability checks, further bolstering its security. The absence of any known CVEs and a clean vulnerability history are significant positive indicators.

However, the analysis reveals a critical concern: one AJAX handler lacks any authentication checks. This represents a significant attack vector, as an unauthenticated user could potentially interact with this endpoint, leading to unintended consequences depending on its functionality. Furthermore, the taint analysis identified three flows with unsanitized paths, although these were not classified as critical or high severity. While the immediate risk might be low, these unsanitized paths could be a precursor to more serious vulnerabilities in future versions or if exploited in conjunction with other weaknesses.

In conclusion, 'plug-chatbot' v1.0.1 is built on a solid foundation of secure coding practices. The complete lack of historical vulnerabilities is reassuring. The primary weakness lies in the single unprotected AJAX endpoint, which requires immediate attention. The identified unsanitized paths, while not currently critical, suggest a need for continued vigilance in code reviews and testing for future updates.

Key Concerns

  • AJAX handler without authentication check
  • Taint flows with unsanitized paths
Vulnerabilities
None known

Plug ChatBot Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Plug ChatBot Release Timeline

v1.0.2
v1.0.1 (Current)
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Plug ChatBot Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (20 prepared)
Unescaped Output: 0 (274 escaped)
Nonce Checks: 16
Capability Checks: 11
File Operations: 1
External Requests: 11
Bundled Libraries: 0

SQL Query Safety

100% prepared · 20 total queries

Output Escaping

100% escaped · 274 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

6 flows · 3 with unsanitized paths
nafcorp_kb_detach_file (plug-chatbot.php:2998)
Attack Surface
1 unprotected

Plug ChatBot Attack Surface

Entry Points: 27
Unprotected: 1

AJAX Handlers 26

auth wp_ajax_nafcorp_chat_message plug-chatbot.php:707
nopriv wp_ajax_nafcorp_chat_message plug-chatbot.php:708
auth wp_ajax_nafcorp_log_frontend_event plug-chatbot.php:709
nopriv wp_ajax_nafcorp_log_frontend_event plug-chatbot.php:710
auth wp_ajax_nafcorp_visitor_capture_status plug-chatbot.php:711
nopriv wp_ajax_nafcorp_visitor_capture_status plug-chatbot.php:712
auth wp_ajax_nafcorp_visitor_capture_submit plug-chatbot.php:713
nopriv wp_ajax_nafcorp_visitor_capture_submit plug-chatbot.php:714
auth wp_ajax_nafcorp_kb_list_files plug-chatbot.php:2018
auth wp_ajax_nafcorp_kb_upload_file plug-chatbot.php:2019
auth wp_ajax_nafcorp_kb_delete_file plug-chatbot.php:2020
auth wp_ajax_nafcorp_kb_attach_file plug-chatbot.php:2021
auth wp_ajax_nafcorp_kb_detach_file plug-chatbot.php:2022
auth wp_ajax_nafcorp_kb_list_vector_stores plug-chatbot.php:2023
auth wp_ajax_nafcorp_kb_select_vector_store plug-chatbot.php:2024
auth wp_ajax_nafcorp_kb_save_tool_toggles plug-chatbot.php:2025
auth wp_ajax_nafcorp_ai_reset_chat plug-chatbot.php:2028
nopriv wp_ajax_nafcorp_ai_reset_chat plug-chatbot.php:2029
auth wp_ajax_nafcorp_ai_end_chat plug-chatbot.php:2030
nopriv wp_ajax_nafcorp_ai_end_chat plug-chatbot.php:2031
auth wp_ajax_nafcorp_end_chat plug-chatbot.php:2032
nopriv wp_ajax_nafcorp_end_chat plug-chatbot.php:2033
auth wp_ajax_nafcorp_chat_reset plug-chatbot.php:2034
nopriv wp_ajax_nafcorp_chat_reset plug-chatbot.php:2035
auth wp_ajax_nafcorp_ai_export_chat plug-chatbot.php:2038
nopriv wp_ajax_nafcorp_ai_export_chat plug-chatbot.php:2039

Shortcodes 1

[nafcorp_ai_intake] plug-chatbot.php:705
WordPress Hooks 12
action send_headers plug-chatbot.php:207
filter script_loader_tag plug-chatbot.php:220
filter wp_inline_script_attributes plug-chatbot.php:229
action nafcorp_security_event plug-chatbot.php:299
action admin_menu plug-chatbot.php:703
action wp_enqueue_scripts plug-chatbot.php:704
action wp_footer plug-chatbot.php:742
action nafcorp_cleanup_audio_files plug-chatbot.php:1193
action admin_init plug-chatbot.php:1809
filter wp_privacy_personal_data_exporters plug-chatbot.php:1810
filter wp_privacy_personal_data_erasers plug-chatbot.php:1811
action admin_enqueue_scripts plug-chatbot.php:2015

Scheduled Events 1

nafcorp_cleanup_audio_files
Maintenance & Trust

Plug ChatBot Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 10, 2026
PHP min version: 7.4
Downloads: 73

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Plug ChatBot Developer Profile

NAFCORP TECHNOLOGIES

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Plug ChatBot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/plug-chatbot/assets/css/plug-chatbot-frontend.css
/wp-content/plugins/plug-chatbot/assets/js/plug-chatbot-frontend.js
/wp-content/plugins/plug-chatbot/assets/js/plug-chatbot-vendor.js
Script Paths
/wp-content/plugins/plug-chatbot/assets/js/plug-chatbot-vendor.js
/wp-content/plugins/plug-chatbot/assets/js/plug-chatbot-frontend.js
Version Parameters
plug-chatbot/assets/css/plug-chatbot-frontend.css?ver=
plug-chatbot/assets/js/plug-chatbot-frontend.js?ver=
plug-chatbot/assets/js/plug-chatbot-vendor.js?ver=

HTML / DOM Fingerprints

CSS Classes
plug-chatbot-widget
plug-chatbot-chatbox
plug-chatbot-message
Data Attributes
data-nonce
JS Globals
nafcorp_chatbot_config
Shortcode Output
[plug-chatbot]
FAQ

Frequently Asked Questions about Plug ChatBot