Does Promptor have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Promptor compatible with WordPress 6.9.4?

According to WordPress.org data, Promptor 1.4.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Promptor compatible with PHP 7.4+?

Promptor requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Promptor updated?

Promptor was last updated on Apr 7, 2026. Frequent updates are generally a positive security signal.

What is Promptor's security score?

Promptor has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Promptor Security — No Known CVEs

Safety Verdict

Is Promptor Safe to Use in 2026?

Generally Safe

Score 100/100

Promptor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The plugin 'promptor' v1.3.0 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices with a high percentage of SQL queries using prepared statements and a very high rate of properly escaped output. The absence of known CVEs and bundled libraries is also a good sign. However, a significant concern arises from the substantial attack surface presented by 44 AJAX handlers, of which 30 are completely unprotected by authentication checks. Furthermore, the taint analysis reveals 8 flows with unsanitized paths and 5 high-severity taint flows, indicating potential vulnerabilities where user input might not be adequately validated before being used in sensitive operations. While there's no historical vulnerability data, the presence of these taint flows suggests potential weaknesses that could be exploited if left unaddressed.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized taint flows
Unsanitized paths in taint flows

Vulnerabilities

None known

Promptor Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Promptor Release Timeline

v1.4.0Current

v1.3.5

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.1

v1.1.0

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

Promptor Code Analysis

Dangerous Functions

0

Raw SQL Queries

14

109 prepared

Unescaped Output

32

996 escaped

Nonce Checks

54

Capability Checks

45

File Operations

1

External Requests

17

Bundled Libraries

0

SQL Query Safety

89% prepared123 total queries

Output Escaping

97% escaped1028 total outputs

Data Flows · Security

8 unsanitized

Data Flow Analysis

24 flows8 with unsanitized paths

handle_get_query_details (public\ajax-handlers\class-promptor-ajax-admin-handler.php:516)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

30 unprotected

Promptor Attack Surface

Entry Points47

Unprotected30

AJAX Handlers 44

authwp_ajax_promptor_dismiss_review_promptadmin\class-promptor-admin.php:23

authwp_ajax_promptor_dismiss_onboardingadmin\class-promptor-admin.php:24

authwp_ajax_promptor_add_contextincludes\class-promptor-loader.php:103

authwp_ajax_promptor_delete_contextincludes\class-promptor-loader.php:104

authwp_ajax_promptor_update_submission_statusincludes\class-promptor-loader.php:105

authwp_ajax_promptor_get_query_detailsincludes\class-promptor-loader.php:106

authwp_ajax_promptor_get_indexing_statsincludes\class-promptor-loader.php:107

authwp_ajax_promptor_save_content_selectionincludes\class-promptor-loader.php:108

authwp_ajax_promptor_verify_api_keyincludes\class-promptor-loader.php:109

authwp_ajax_promptor_send_test_emailincludes\class-promptor-loader.php:110

authwp_ajax_promptor_send_test_slackincludes\class-promptor-loader.php:111

authwp_ajax_promptor_save_notification_settingsincludes\class-promptor-loader.php:112

authwp_ajax_promptor_bulk_update_rolesincludes\class-promptor-loader.php:113

authwp_ajax_promptor_update_single_roleincludes\class-promptor-loader.php:114

authwp_ajax_promptor_generate_example_questionsincludes\class-promptor-loader.php:115

authwp_ajax_promptor_load_more_contentincludes\class-promptor-loader.php:116

authwp_ajax_promptor_wizard_load_contentincludes\class-promptor-loader.php:118

authwp_ajax_promptor_wizard_save_apiincludes\class-promptor-loader.php:119

authwp_ajax_promptor_wizard_save_contentincludes\class-promptor-loader.php:120

authwp_ajax_promptor_wizard_completeincludes\class-promptor-loader.php:121

authwp_ajax_promptor_start_syncincludes\class-promptor-loader.php:126

authwp_ajax_promptor_start_crawlincludes\class-promptor-loader.php:127

authwp_ajax_promptor_process_itemincludes\class-promptor-loader.php:128

authwp_ajax_promptor_clear_indexincludes\class-promptor-loader.php:129

authwp_ajax_promptor_get_ai_suggestionincludes\class-promptor-loader.php:141

noprivwp_ajax_promptor_get_ai_suggestionincludes\class-promptor-loader.php:142

authwp_ajax_promptor_save_feedbackincludes\class-promptor-loader.php:143

noprivwp_ajax_promptor_save_feedbackincludes\class-promptor-loader.php:144

authwp_ajax_promptor_submit_contact_formincludes\class-promptor-loader.php:149

noprivwp_ajax_promptor_submit_contact_formincludes\class-promptor-loader.php:150

authwp_ajax_promptor_add_to_cartincludes\class-promptor-loader.php:151

noprivwp_ajax_promptor_add_to_cartincludes\class-promptor-loader.php:152

authwp_ajax_promptor_get_ai_suggestionpublic\ajax-handlers\class-promptor-ajax-chat-handler.php:113

noprivwp_ajax_promptor_get_ai_suggestionpublic\ajax-handlers\class-promptor-ajax-chat-handler.php:114

authwp_ajax_promptor_save_feedbackpublic\ajax-handlers\class-promptor-ajax-chat-handler.php:115

noprivwp_ajax_promptor_save_feedbackpublic\ajax-handlers\class-promptor-ajax-chat-handler.php:116

authwp_ajax_promptor_submit_contact_formpublic\ajax-handlers\class-promptor-ajax-form-handler.php:29

noprivwp_ajax_promptor_submit_contact_formpublic\ajax-handlers\class-promptor-ajax-form-handler.php:30

authwp_ajax_promptor_add_to_cartpublic\ajax-handlers\class-promptor-ajax-form-handler.php:31

noprivwp_ajax_promptor_add_to_cartpublic\ajax-handlers\class-promptor-ajax-form-handler.php:32

authwp_ajax_promptor_start_syncpublic\ajax-handlers\class-promptor-ajax-indexing-handler.php:20

authwp_ajax_promptor_start_crawlpublic\ajax-handlers\class-promptor-ajax-indexing-handler.php:21

authwp_ajax_promptor_process_itempublic\ajax-handlers\class-promptor-ajax-indexing-handler.php:22

authwp_ajax_promptor_clear_indexpublic\ajax-handlers\class-promptor-ajax-indexing-handler.php:23

Shortcodes 3

[promptor] public\class-promptor-public.php:86

[promptor_search] public\class-promptor-public.php:89

[promptor_results] public\class-promptor-public.php:92

WordPress Hooks 41

actionadmin_menuadmin\class-promptor-admin.php:15

actionadmin_enqueue_scriptsadmin\class-promptor-admin.php:16

actionadmin_initadmin\class-promptor-admin.php:17

actionadmin_initadmin\class-promptor-admin.php:18

actionadmin_initadmin\class-promptor-admin.php:19

actionadmin_initadmin\class-promptor-admin.php:20

actionadmin_bar_menuadmin\class-promptor-admin.php:21

actionadmin_noticesadmin\class-promptor-admin.php:22

actionin_admin_headeradmin\class-promptor-admin.php:26

filteradmin_body_classadmin\class-promptor-admin.php:28

actionadmin_noticesadmin\class-promptor-list-table-pages.php:39

actionadmin_noticesadmin\class-promptor-telemetry-notice.php:22

actionadmin_noticesadmin\class-promptor-telemetry-notice.php:23

actioninitadmin\class-promptor-telemetry.php:37

actionadmin_initadmin\class-promptor-telemetry.php:43

actionpromptor_query_sentadmin\class-promptor-telemetry.php:46

actionpromptor_lead_capturedadmin\class-promptor-telemetry.php:47

actionpromptor_step_completedadmin\class-promptor-telemetry.php:48

actionpromptor_kb_updatedadmin\class-promptor-telemetry.php:49

actionadmin_post_promptor_save_telemetryadmin\settings\class-promptor-settings-telemetry.php:19

actionadmin_post_promptor_reset_telemetry_idadmin\settings\class-promptor-settings-telemetry.php:20

actionadmin_post_promptor_clear_telemetry_queueadmin\settings\class-promptor-settings-telemetry.php:21

actionadmin_post_promptor_save_ui_settingsadmin\settings\class-promptor-settings-ui.php:24

actionadmin_initincludes\class-promptor-loader.php:82

actioncurrent_screenincludes\class-promptor-loader.php:83

actionadmin_noticesincludes\class-promptor-loader.php:84

actionadmin_noticesincludes\class-promptor-loader.php:85

actionadmin_initincludes\class-promptor-loader.php:91

actionadmin_menuincludes\class-promptor-loader.php:92

actionadmin_enqueue_scriptsincludes\class-promptor-loader.php:93

actionadmin_initincludes\class-promptor-loader.php:98

actionafter_uninstallpromptor.php:108

actionplugins_loadedpromptor.php:296

actionwoocommerce_checkout_create_order_line_itempromptor.php:307

actionwoocommerce_thankyoupromptor.php:315

actionplugins_loadedpromptor.php:323

actionwp_enqueue_scriptspromptor.php:421

actionsave_postpublic\ajax-handlers\class-promptor-ajax-indexing-handler.php:26

actioninitpublic\class-promptor-public.php:37

actionwp_enqueue_scriptspublic\class-promptor-public.php:40

actionwp_footerpublic\class-promptor-public.php:46

Maintenance & Trust

Promptor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 7, 2026

PHP min version7.4

Downloads499

Community Trust

Rating100/100

Number of ratings2

Active installs0

Alternatives

Promptor Alternatives

AI Chatbot for WordPress by Customerly

customerly

A

85

AI Chatbot to support customers, create engaging messages and send automated emails.

300 No CVEs

AI Chatbot, Live Chat & Lead Generation for WordPress

ai-chatbot-live-chat-for-wordpress-using-chatgpt

A

100

Add a WordPress AI Chatbot to your site powered by Google Gemini. Manage AI agents, knowledge bases, live chat, and analytics from your dashboard.

100 No CVEs

Zeno – AI-Powered Chatbot

zeno-chatbot-ai

A

100

An AI-powered WordPress automation chatbot plugin that helps you automate support, engage visitors, and answer questions using OpenAI or Google Gemini

60 No CVEs

Gapify AI Customer Communication

gapify-ai-customer-communication

A

100

AI-powered customer support and chat widget. Automate responses, increase sales, and provide 24/7 customer service with Gapify's intelligent chatbot.

20 No CVEs

Free AI Lead Generation Chatbot – ChatSale

ai-lead-form-builder-chatsale

A

92

ChatSale is a ChatGPT chatbot for a website that turns website visitors into qualified leads and booked appointments through smart conversations.

10 No CVEs

Developer Profile

Promptor Developer Profile

Corrplus

1 plugin · 0 total installs

94

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Promptor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/promptor/css/promptor-frontend.css/wp-content/plugins/promptor/js/promptor-frontend.js

Script Paths

/wp-content/plugins/promptor/js/promptor-frontend.js

Version Parameters

promptor/css/promptor-frontend.css?ver=promptor/js/promptor-frontend.js?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-promptor-widgetdata-promptor-chatdata-promptor-recommendationsdata-promptor-leadsdata-promptor-id

JS Globals

window.PromptorConfigvar PromptorConfig

REST Endpoints

/wp-json/promptor/v1/search/wp-json/promptor/v1/recommendations/wp-json/promptor/v1/leads

Shortcode Output

[promptor_widget][promptor_chat][promptor_recommendations][promptor_leads]

FAQ

Promptor Security & Risk Analysis