WP-Safety

Quikwit – AI Chatbot Security & Risk Analysis

wordpress.org/plugins/quikwit-ai-chatbot

An easy-to-use AI chatbot platform that can answer customer questions, engage visitors, and improve conversions.

0 active installs v1.0 PHP 7.4+ WP 6.0+ Updated Nov 27, 2025
ai-chatbotlead-generationlive-chatquikwit-chatbotsupport-chat
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Quikwit – AI Chatbot Safe to Use in 2026?

Generally Safe

Score 100/100

Quikwit – AI Chatbot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The 'quikwit-ai-chatbot' plugin v1.0 exhibits a generally good security posture, with strong adherence to secure coding practices in several key areas. The complete absence of dangerous functions, raw SQL queries, and file operations is a significant positive. Furthermore, the near-perfect output escaping and the use of prepared statements for all SQL queries indicate careful development. The plugin also avoids bundled libraries, which can often be a source of vulnerabilities.

However, there are notable security concerns. The presence of one REST API route without a permission callback represents a critical weakness, as it could potentially be accessed and exploited by unauthenticated users. The lack of nonce checks on AJAX handlers is also a red flag, opening the door to CSRF attacks. While there is no vulnerability history, which is positive, this also means the plugin hasn't been rigorously tested in the wild for latent issues.

In conclusion, while the plugin demonstrates good fundamental security practices, the unprotected REST API route and the absence of nonce checks on AJAX handlers introduce significant risks that need immediate attention. The lack of known vulnerabilities is encouraging but doesn't negate the identified code-level weaknesses. Prioritizing the remediation of the unprotected API endpoint and implementing nonce checks is crucial for improving the plugin's overall security.

Key Concerns

  • REST API route without permission callback
  • 0 Nonce checks on AJAX handlers
Vulnerabilities
None known

Quikwit – AI Chatbot Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Quikwit – AI Chatbot Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Quikwit – AI Chatbot Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
39 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
9
Bundled Libraries
0

Output Escaping

98% escaped40 total outputs
Attack Surface
1 unprotected

Quikwit – AI Chatbot Attack Surface

Entry Points6
Unprotected1

REST API Routes 6

GET/wp-json/quikwit/v1/auth-urlsrc\RestController.php:18
GET/wp-json/quikwit/v1/oauth-callbacksrc\RestController.php:25
POST/wp-json/quikwit/v1/fetch-tokensrc\RestController.php:32
POST/wp-json/quikwit/v1/save-settingssrc\RestController.php:40
POST/wp-json/quikwit/v1/register-sitesrc\RestController.php:48
POST/wp-json/quikwit/v1/crawl-nowsrc\RestController.php:55
WordPress Hooks 7
actionadmin_noticesquikwit-ai-chatbot.php:46
actionsave_postsrc\Plugin.php:26
actionbefore_delete_postsrc\Plugin.php:27
actionadmin_menusrc\Plugin.php:32
actionadmin_enqueue_scriptssrc\Plugin.php:33
actionwp_enqueue_scriptssrc\Plugin.php:34
actionrest_api_initsrc\Plugin.php:35
Maintenance & Trust

Quikwit – AI Chatbot Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 27, 2025
PHP min version7.4
Downloads122

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Quikwit – AI Chatbot Alternatives

Live Chat & AI Chatbot – onWebChat

Live Chat & AI Chatbot – onWebChat

onwebchat

A
99

Add live chat and a 24/7 AI chatbot to your site. Engage visitors instantly, automate support, and convert more visitors into customers.

700 1 CVE
AI Chatbot, Live Chat & Lead Generation for WordPress

AI Chatbot, Live Chat & Lead Generation for WordPress

ai-chatbot-live-chat-for-wordpress-using-chatgpt

A
100

Add a WordPress AI Chatbot to your site powered by Google Gemini. Manage AI agents, knowledge bases, live chat, and analytics from your dashboard.

100 No CVEs
AI Chatbot by Text

AI Chatbot by Text

ai-chatbot-by-text

A
100

AI-native customer service engine for ecommerce growth. Turn conversations into measurable revenue.

0 No CVEs
AI Chatbot by Botami – Smart AI Assistant for Customer Support & Lead Generation

AI Chatbot by Botami – Smart AI Assistant for Customer Support & Lead Generation

botami-chatbot

A
100

Transform your WordPress site with an AI-powered chatbot. Automate support, capture leads, and boost conversions 24/7 with advanced AI technology.

0 No CVEs
Hashtechy Chatbot

Hashtechy Chatbot

hashtechy-chatbot

A
100

Instant AI chatbot for WordPress with modern UI, analytics, and easy integration.

0 No CVEs
Developer Profile

Quikwit – AI Chatbot Developer Profile

quikwit

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Quikwit – AI Chatbot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quikwit-ai-chatbot/assets/css/quikwit.css/wp-content/plugins/quikwit-ai-chatbot/assets/js/quikwit.js/wp-content/plugins/quikwit-ai-chatbot/assets/images/logo.png
Script Paths
quikwit-ai-chatbot/assets/js/quikwit.js
Version Parameters
quikwit-ai-chatbot/assets/css/quikwit.css?ver=quikwit-ai-chatbot/assets/js/quikwit.js?ver=

HTML / DOM Fingerprints

CSS Classes
quikwit-wrapquikwit-main-headquikwit-content-outerquikwit-content-boxquikwit-status-boxquikwit-connected-statusquikwit-disconnected-status
Data Attributes
data-quikwit-api-url
JS Globals
quikwit_plugin_settings
REST Endpoints
/wp-json/quikwit-ai-chatbot/v1/settings
FAQ

Frequently Asked Questions about Quikwit – AI Chatbot