Rootz AI Discovery Security & Risk Analysis

wordpress.org/plugins/rootz-ai-discovery

Make your WordPress site AI-agent-ready. Structured identity, policies, content API, and WebMCP tools at /.well-known/ai.

10 active installs v2.3.3 PHP 7.4+ WP 6.0+ Updated Mar 31, 2026
aiai-agentdiscoveryseostructured-data
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Rootz AI Discovery Safe to Use in 2026?

Generally Safe

Score 100/100

Rootz AI Discovery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The rootz-ai-discovery v2.3.3 plugin demonstrates a generally strong security posture based on the provided static analysis. The plugin exhibits good practices by employing prepared statements for all SQL queries and a high rate of properly escaped output. Furthermore, the absence of file operations and a limited number of external HTTP requests are positive indicators. The plugin also includes a reasonable number of nonce and capability checks, suggesting an awareness of common WordPress security vulnerabilities.

However, the static analysis did not reveal any taint flows, which means potential vulnerabilities related to unsanitized user input leading to malicious code execution or data manipulation could be present but were not detected by this specific analysis. While the vulnerability history is clean, this could also mean that the plugin has not been extensively targeted or audited for all types of vulnerabilities. The presence of cron events as an entry point, even if protected, warrants careful monitoring.

Overall, rootz-ai-discovery v2.3.3 appears to be built with security in mind, particularly in its handling of database interactions and output. The lack of reported vulnerabilities in its history is a positive sign. However, the absence of taint flow analysis means that certain classes of vulnerabilities might still exist. Continued vigilance and a comprehensive audit, including dynamic analysis, would be prudent.

Key Concerns

  • No critical or high severity taint flows found
  • 100% SQL queries use prepared statements
  • 99% of outputs are properly escaped
  • No raw SQL queries detected
  • No file operations detected
  • No dangerous functions found
  • No known unpatched CVEs
  • No critical or high severity vulnerabilities in history
  • No critical or high severity taint flows found
  • No unprotected AJAX handlers
  • No unprotected REST API routes
  • No shortcodes found
  • No bundled libraries with potential for outdated issues
Vulnerabilities
None known

Rootz AI Discovery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Rootz AI Discovery Release Timeline

v2.3.3Current
v2.3.2
Code Analysis
Analyzed Apr 16, 2026

Rootz AI Discovery Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
18 prepared
Unescaped Output
11
860 escaped
Nonce Checks
7
Capability Checks
11
File Operations
0
External Requests
6
Bundled Libraries
0

SQL Query Safety

100% prepared18 total queries

Output Escaping

99% escaped871 total outputs
Attack Surface

Rootz AI Discovery Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 29
actionadmin_menuadmin/class-rootz-admin.php:21
actionadmin_initadmin/class-rootz-admin.php:22
actionadmin_initadmin/class-rootz-admin.php:23
actionadmin_initadmin/class-rootz-admin.php:24
actionadmin_initadmin/class-rootz-admin.php:25
actionadmin_initadmin/class-rootz-admin.php:26
actionadmin_initadmin/class-rootz-admin.php:27
actionadmin_initadmin/class-rootz-admin.php:29
actionadmin_initadmin/class-rootz-admin.php:30
actionadmin_initadmin/class-rootz-admin.php:31
actionupdate_option_rootz_registry_consentadmin/class-rootz-admin.php:33
actionupdate_option_rootz_owner_identityadmin/class-rootz-admin.php:35
actionadmin_enqueue_scriptsadmin/class-rootz-admin.php:38
actionshutdownincludes/class-rootz-metrics.php:70
filterredirect_canonicalrootz-ai-discovery.php:141
actioninitrootz-ai-discovery.php:143
filterquery_varsrootz-ai-discovery.php:170
actiontemplate_redirectrootz-ai-discovery.php:313
actionwp_headrootz-ai-discovery.php:412
actionsend_headersrootz-ai-discovery.php:424
actionwp_enqueue_scriptsrootz-ai-discovery.php:456
actionrest_api_initrootz-ai-discovery.php:465
filterrest_post_dispatchrootz-ai-discovery.php:484
actiontemplate_redirectrootz-ai-discovery.php:495
actioninitrootz-ai-discovery.php:505
actionrootz_metrics_prunerootz-ai-discovery.php:506
actionupdated_optionrootz-ai-discovery.php:571
actionsave_postrootz-ai-discovery.php:584
actionadmin_noticesrootz-ai-discovery.php:652

Scheduled Events 1

rootz_metrics_prune
Maintenance & Trust

Rootz AI Discovery Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 31, 2026
PHP min version7.4
Downloads148

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Rootz AI Discovery Developer Profile

skswave

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Rootz AI Discovery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rootz-ai-discovery/assets/css/admin.css/wp-content/plugins/rootz-ai-discovery/assets/js/admin.js
Script Paths
/wp-content/plugins/rootz-ai-discovery/assets/js/admin.js
Version Parameters
rootz-ai-discovery/assets/css/admin.css?ver=rootz-ai-discovery/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
rootz-ai-discovery-admin-page
HTML Comments
<!-- Start Rootz AI Discovery Admin Page --><!-- End Rootz AI Discovery Admin Page -->
Data Attributes
data-rootz-ai-discovery-admin-page
JS Globals
window.RootzAIDiscoveryAdmin
FAQ

Frequently Asked Questions about Rootz AI Discovery