Promptor Security & Risk Analysis

wordpress.org/plugins/promptor

Your 24/7 AI Sales Assistant for WordPress. Convert visitors into leads with intelligent chat powered by your own content.

0 active installs · v1.3.0 · PHP 7.4+ · WP 5.8+ · Updated: Unknown
ai-assistant, ai-chatbot, chatbot, lead-generation, woocommerce-chatbot
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Promptor Safe to Use in 2026?

Generally Safe

Score 100/100

Promptor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plugin 'promptor' v1.3.0 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices with a high percentage of SQL queries using prepared statements and a very high rate of properly escaped output. The absence of known CVEs and bundled libraries is also a good sign. However, a significant concern arises from the substantial attack surface presented by 44 AJAX handlers, of which 30 are completely unprotected by authentication checks. Furthermore, the taint analysis reveals 8 flows with unsanitized paths and 5 high-severity taint flows, indicating potential vulnerabilities where user input might not be adequately validated before being used in sensitive operations. While there's no historical vulnerability data, the presence of these taint flows suggests potential weaknesses that could be exploited if left unaddressed.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Unsanitized paths in taint flows
Vulnerabilities
None known

Promptor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Promptor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 14 (109 prepared)
Unescaped Output: 32 (996 escaped)
Nonce Checks: 54
Capability Checks: 45
File Operations: 1
External Requests: 17
Bundled Libraries: 0

SQL Query Safety

89% prepared · 123 total queries

Output Escaping

97% escaped · 1028 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

24 flows · 8 with unsanitized paths
handle_get_query_details (public\ajax-handlers\class-promptor-ajax-admin-handler.php:516)
Attack Surface
30 unprotected

Promptor Attack Surface

Entry Points: 47
Unprotected: 30

AJAX Handlers 44

auth wp_ajax_promptor_dismiss_review_prompt admin\class-promptor-admin.php:23
auth wp_ajax_promptor_dismiss_onboarding admin\class-promptor-admin.php:24
auth wp_ajax_promptor_add_context includes\class-promptor-loader.php:103
auth wp_ajax_promptor_delete_context includes\class-promptor-loader.php:104
auth wp_ajax_promptor_update_submission_status includes\class-promptor-loader.php:105
auth wp_ajax_promptor_get_query_details includes\class-promptor-loader.php:106
auth wp_ajax_promptor_get_indexing_stats includes\class-promptor-loader.php:107
auth wp_ajax_promptor_save_content_selection includes\class-promptor-loader.php:108
auth wp_ajax_promptor_verify_api_key includes\class-promptor-loader.php:109
auth wp_ajax_promptor_send_test_email includes\class-promptor-loader.php:110
auth wp_ajax_promptor_send_test_slack includes\class-promptor-loader.php:111
auth wp_ajax_promptor_save_notification_settings includes\class-promptor-loader.php:112
auth wp_ajax_promptor_bulk_update_roles includes\class-promptor-loader.php:113
auth wp_ajax_promptor_update_single_role includes\class-promptor-loader.php:114
auth wp_ajax_promptor_generate_example_questions includes\class-promptor-loader.php:115
auth wp_ajax_promptor_load_more_content includes\class-promptor-loader.php:116
auth wp_ajax_promptor_wizard_load_content includes\class-promptor-loader.php:118
auth wp_ajax_promptor_wizard_save_api includes\class-promptor-loader.php:119
auth wp_ajax_promptor_wizard_save_content includes\class-promptor-loader.php:120
auth wp_ajax_promptor_wizard_complete includes\class-promptor-loader.php:121
auth wp_ajax_promptor_start_sync includes\class-promptor-loader.php:126
auth wp_ajax_promptor_start_crawl includes\class-promptor-loader.php:127
auth wp_ajax_promptor_process_item includes\class-promptor-loader.php:128
auth wp_ajax_promptor_clear_index includes\class-promptor-loader.php:129
auth wp_ajax_promptor_get_ai_suggestion includes\class-promptor-loader.php:141
nopriv wp_ajax_promptor_get_ai_suggestion includes\class-promptor-loader.php:142
auth wp_ajax_promptor_save_feedback includes\class-promptor-loader.php:143
nopriv wp_ajax_promptor_save_feedback includes\class-promptor-loader.php:144
auth wp_ajax_promptor_submit_contact_form includes\class-promptor-loader.php:149
nopriv wp_ajax_promptor_submit_contact_form includes\class-promptor-loader.php:150
auth wp_ajax_promptor_add_to_cart includes\class-promptor-loader.php:151
nopriv wp_ajax_promptor_add_to_cart includes\class-promptor-loader.php:152
auth wp_ajax_promptor_get_ai_suggestion public\ajax-handlers\class-promptor-ajax-chat-handler.php:113
nopriv wp_ajax_promptor_get_ai_suggestion public\ajax-handlers\class-promptor-ajax-chat-handler.php:114
auth wp_ajax_promptor_save_feedback public\ajax-handlers\class-promptor-ajax-chat-handler.php:115
nopriv wp_ajax_promptor_save_feedback public\ajax-handlers\class-promptor-ajax-chat-handler.php:116
auth wp_ajax_promptor_submit_contact_form public\ajax-handlers\class-promptor-ajax-form-handler.php:29
nopriv wp_ajax_promptor_submit_contact_form public\ajax-handlers\class-promptor-ajax-form-handler.php:30
auth wp_ajax_promptor_add_to_cart public\ajax-handlers\class-promptor-ajax-form-handler.php:31
nopriv wp_ajax_promptor_add_to_cart public\ajax-handlers\class-promptor-ajax-form-handler.php:32
auth wp_ajax_promptor_start_sync public\ajax-handlers\class-promptor-ajax-indexing-handler.php:20
auth wp_ajax_promptor_start_crawl public\ajax-handlers\class-promptor-ajax-indexing-handler.php:21
auth wp_ajax_promptor_process_item public\ajax-handlers\class-promptor-ajax-indexing-handler.php:22
auth wp_ajax_promptor_clear_index public\ajax-handlers\class-promptor-ajax-indexing-handler.php:23

Shortcodes 3

[promptor] public\class-promptor-public.php:86
[promptor_search] public\class-promptor-public.php:89
[promptor_results] public\class-promptor-public.php:92
WordPress Hooks 41
action admin_menu admin\class-promptor-admin.php:15
action admin_enqueue_scripts admin\class-promptor-admin.php:16
action admin_init admin\class-promptor-admin.php:17
action admin_init admin\class-promptor-admin.php:18
action admin_init admin\class-promptor-admin.php:19
action admin_init admin\class-promptor-admin.php:20
action admin_bar_menu admin\class-promptor-admin.php:21
action admin_notices admin\class-promptor-admin.php:22
action in_admin_header admin\class-promptor-admin.php:26
filter admin_body_class admin\class-promptor-admin.php:28
action admin_notices admin\class-promptor-list-table-pages.php:39
action admin_notices admin\class-promptor-telemetry-notice.php:22
action admin_notices admin\class-promptor-telemetry-notice.php:23
action init admin\class-promptor-telemetry.php:37
action admin_init admin\class-promptor-telemetry.php:43
action promptor_query_sent admin\class-promptor-telemetry.php:46
action promptor_lead_captured admin\class-promptor-telemetry.php:47
action promptor_step_completed admin\class-promptor-telemetry.php:48
action promptor_kb_updated admin\class-promptor-telemetry.php:49
action admin_post_promptor_save_telemetry admin\settings\class-promptor-settings-telemetry.php:19
action admin_post_promptor_reset_telemetry_id admin\settings\class-promptor-settings-telemetry.php:20
action admin_post_promptor_clear_telemetry_queue admin\settings\class-promptor-settings-telemetry.php:21
action admin_post_promptor_save_ui_settings admin\settings\class-promptor-settings-ui.php:24
action admin_init includes\class-promptor-loader.php:82
action current_screen includes\class-promptor-loader.php:83
action admin_notices includes\class-promptor-loader.php:84
action admin_notices includes\class-promptor-loader.php:85
action admin_init includes\class-promptor-loader.php:91
action admin_menu includes\class-promptor-loader.php:92
action admin_enqueue_scripts includes\class-promptor-loader.php:93
action admin_init includes\class-promptor-loader.php:98
action after_uninstall promptor.php:108
action plugins_loaded promptor.php:296
action woocommerce_checkout_create_order_line_item promptor.php:307
action woocommerce_thankyou promptor.php:315
action plugins_loaded promptor.php:323
action wp_enqueue_scripts promptor.php:421
action save_post public\ajax-handlers\class-promptor-ajax-indexing-handler.php:26
action init public\class-promptor-public.php:37
action wp_enqueue_scripts public\class-promptor-public.php:40
action wp_footer public\class-promptor-public.php:46
Maintenance & Trust

Promptor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.4
Downloads: 359

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

Promptor Developer Profile

Corrplus

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Promptor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/promptor/css/promptor-frontend.css
/wp-content/plugins/promptor/js/promptor-frontend.js
Script Paths
/wp-content/plugins/promptor/js/promptor-frontend.js
Version Parameters
promptor/css/promptor-frontend.css?ver=
promptor/js/promptor-frontend.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- promptor_widget -->
<!-- promptor_chat -->
<!-- promptor_recommendations -->
<!-- promptor_leads -->
Data Attributes
data-promptor-widget
data-promptor-chat
data-promptor-recommendations
data-promptor-leads
data-promptor-id
JS Globals
window.PromptorConfig
var PromptorConfig
REST Endpoints
/wp-json/promptor/v1/search
/wp-json/promptor/v1/recommendations
/wp-json/promptor/v1/leads
Shortcode Output
[promptor_widget]
[promptor_chat]
[promptor_recommendations]
[promptor_leads]