Proofread Bot Security & Risk Analysis

wordpress.org/plugins/proofread-bot

50 active installs · v2.2.3 · PHP + WP 3.9+ · Updated Dec 31, 2014
Tags: copy, copyscape, dmca, plagiarism, protect
85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Proofread Bot Safe to Use in 2026?

Generally Safe

Score 85/100

Proofread Bot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "proofread-bot" v2.2.3 plugin exhibits a mixed security posture. While it demonstrates strengths in avoiding dangerous functions and utilizing prepared statements for SQL queries, significant concerns arise from its attack surface. The presence of four AJAX handlers, with three lacking any authentication checks, creates a substantial entry point for attackers. This, combined with a low rate of proper output escaping (17%), suggests potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not sufficiently sanitized before being displayed. The absence of nonce checks on AJAX handlers further exacerbates this risk, making it easier for attackers to trigger these actions.

The plugin's vulnerability history is notably clean, with no recorded CVEs, which is a positive indicator. However, this lack of history should not overshadow the immediate risks identified in the static analysis, particularly the unprotected AJAX endpoints.

In conclusion, while the plugin appears to be free of known historical vulnerabilities and employs good practices for database interaction, the current version has critical security weaknesses related to its attack surface and output handling that require immediate attention.

Key Concerns

  • 3 AJAX handlers without auth checks
  • Low rate of output escaping (17%)
  • 0 Nonce checks on AJAX handlers
  • 6 File operations with no context
  • 3 External HTTP requests with no context
Vulnerabilities
None known

Proofread Bot Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Proofread Bot Release Timeline

v2.18
v2.17
v2.16
v2.15
v2.14
v2.13
v2.12
v2.11
v2.10
v2.09
v2.08
v2.07
v2.06
v2.05
v2.04
v2.03
v2.2.3 (Current)
v2.2.2
v2.2.1
v2.02
Code Analysis
Analyzed Apr 16, 2026

Proofread Bot Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 20 (4 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 6
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

17% escaped · 24 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<config-unignore> (config-unignore.php:0)
Attack Surface
3 unprotected

Proofread Bot Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers (4)

  • auth · wp_ajax_proxy_PBot · pbot.php:272
  • auth · wp_ajax_PBot_ignore · pbot.php:273
  • auth · wp_ajax_PBot_settings · pbot.php:274
  • auth · wp_ajax_post_check_PBot · pbot.php:362
WordPress Hooks (14)

  • action · proofread_bot · pbot.php:13
  • filter · mce_external_plugins · pbot.php:72
  • filter · mce_buttons · pbot.php:73
  • filter · wp_fullscreen_buttons · pbot.php:254
  • filter · tiny_mce_before_init · pbot.php:261
  • action · admin_enqueue_scripts · pbot.php:264
  • action · admin_enqueue_scripts · pbot.php:266
  • action · init · pbot.php:269
  • action · add_meta_boxes · pbot.php:288
  • filter · the_content · pbot.php:392
  • action · plugins_loaded · pbot.php:395
  • action · admin_menu · pbot.php:422
  • action · admin_init · pbot.php:445
  • filter · plugin_action_links · pbot.php:590
Maintenance & Trust

Proofread Bot Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.9.40
Last updated: Dec 31, 2014
PHP min version
Downloads: 22K

Community Trust

Rating: 80/100
Number of ratings: 1
Active installs: 50
Developer Profile

Proofread Bot Developer Profile

giorgio79

2 plugins · 60 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Proofread Bot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/proofread-bot/pbot.core.js
  • /wp-content/plugins/proofread-bot/PBot-nonvis-editor-plugin.js
  • /wp-content/plugins/proofread-bot/jquery.PBot.js
  • /wp-content/plugins/proofread-bot/PBot-autoproofread.js
  • /wp-content/plugins/proofread-bot/pbot.css

Script Paths

  • /proofread-bot/tinymce/plugin_v4.js
  • /proofread-bot/tinymce/plugin_v3.js

Version Parameters

  • proofread-bot/pbot.core.js?ver=
  • proofread-bot/pbot.css?ver=
  • proofread-bot/tinymce/plugin_v4.js?v=

HTML / DOM Fingerprints

Data Attributes

  • data-pbot-rpc-url
  • data-pbot-rpc-id
  • data-pbot-ignore-rpc-url
  • data-pbot-theme
  • data-pbot-ignore-enable
  • data-pbot-strip-on-get
  • +2 more

JS Globals

  • PBot
  • PBot_check_when

REST Endpoints

  • /wp-json/proofread_bot/v1/settings
  • /wp-json/proofread_bot/v1/ignore
  • /wp-json/proofread_bot/v1/check