WP-Safety

SEO Magic – AI SEO Assistant Security & Risk Analysis

wordpress.org/plugins/seo-magico

SEO Magic is an AI-powered SEO assistant that helps you write high-quality metadata, optimize content, improve image SEO and analyze your site’s techn …

20 active installs v1.2.2 PHP 7.4+ WP 6.3+ Updated Mar 13, 2026
aicontentimagesmetadataseo
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SEO Magic – AI SEO Assistant Safe to Use in 2026?

Generally Safe

Score 100/100

SEO Magic – AI SEO Assistant has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago
Risk Assessment

The "seo-magico" plugin v1.2.2 demonstrates a generally good security posture with strong practices in SQL query sanitization and output escaping. The extensive use of prepared statements for all SQL queries and a high percentage of properly escaped outputs are significant strengths. Furthermore, the absence of known historical vulnerabilities suggests a responsible development team. However, the plugin does present some areas of concern. The presence of two AJAX handlers without authentication checks exposes potential entry points that could be exploited if malicious data is passed. Additionally, the taint analysis reveals four high-severity flows with unsanitized paths, which warrants further investigation as these could lead to vulnerabilities if not handled carefully. The bundled Freemius library, while not explicitly stated as outdated, is a potential area of risk if it contains known vulnerabilities not flagged in the plugin's history.

In conclusion, while "seo-magico" has strong foundational security practices, the identified unprotected AJAX endpoints and high-severity taint flows are critical areas that need immediate attention. The lack of historical vulnerabilities is a positive indicator, but the current code analysis points to specific risks that could undermine this otherwise secure foundation. Addressing these issues will significantly improve the plugin's overall security.

Key Concerns

  • AJAX handlers without authentication checks
  • High severity unsanitized paths in taint analysis
  • Bundled Freemius v1.0 library
Vulnerabilities
None known

SEO Magic – AI SEO Assistant Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SEO Magic – AI SEO Assistant Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
20 prepared
Unescaped Output
31
486 escaped
Nonce Checks
47
Capability Checks
49
File Operations
6
External Requests
16
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared20 total queries

Output Escaping

94% escaped517 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

19 flows11 with unsanitized paths
generate_image_seo (includes\ajax\class-smg-ajax-media-handler.php:94)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

SEO Magic – AI SEO Assistant Attack Surface

Entry Points44
Unprotected2

AJAX Handlers 44

authwp_ajax_smg_get_full_post_contentincludes\ajax\class-smg-ajax-assistant-handler.php:12
authwp_ajax_smg_assistant_optimize_contentincludes\ajax\class-smg-ajax-assistant-handler.php:13
authwp_ajax_smg_assistant_save_postincludes\ajax\class-smg-ajax-assistant-handler.php:14
authwp_ajax_smg_assistant_direct_save_postincludes\ajax\class-smg-ajax-assistant-handler.php:15
authwp_ajax_smg_assistant_generate_faqincludes\ajax\class-smg-ajax-assistant-handler.php:16
authwp_ajax_smg_assistant_generate_smart_schemaincludes\ajax\class-smg-ajax-assistant-handler.php:17
authwp_ajax_smg_assistant_suggest_keywordincludes\ajax\class-smg-ajax-assistant-handler.php:19
authwp_ajax_smg_start_recalculationincludes\ajax\class-smg-ajax-dashboard-handler.php:10
authwp_ajax_smg_process_recalc_batchincludes\ajax\class-smg-ajax-dashboard-handler.php:11
authwp_ajax_smg_get_recalculation_progressincludes\ajax\class-smg-ajax-dashboard-handler.php:12
authwp_ajax_smg_submit_deactivation_feedbackincludes\ajax\class-smg-ajax-feedback-handler.php:13
authwp_ajax_smg_get_linking_suggestionsincludes\ajax\class-smg-ajax-linking-handler.php:35
authwp_ajax_smg_insert_linkincludes\ajax\class-smg-ajax-linking-handler.php:36
authwp_ajax_smg_get_mediaincludes\ajax\class-smg-ajax-media-handler.php:10
authwp_ajax_smg_generate_image_seoincludes\ajax\class-smg-ajax-media-handler.php:11
authwp_ajax_smg_get_image_metaincludes\ajax\class-smg-ajax-media-handler.php:12
authwp_ajax_smg_save_image_metaincludes\ajax\class-smg-ajax-media-handler.php:13
authwp_ajax_smg_generate_image_fields_for_modalincludes\ajax\class-smg-ajax-media-handler.php:14
authwp_ajax_smg_generate_single_image_fieldincludes\ajax\class-smg-ajax-media-handler.php:15
authwp_ajax_smg_get_postsincludes\ajax\class-smg-ajax-posts-handler.php:10
authwp_ajax_smg_get_post_metaincludes\ajax\class-smg-ajax-posts-handler.php:11
authwp_ajax_smg_save_post_metaincludes\ajax\class-smg-ajax-posts-handler.php:12
authwp_ajax_smg_generate_from_uiincludes\ajax\class-smg-ajax-posts-handler.php:13
authwp_ajax_smg_generate_in_modalincludes\ajax\class-smg-ajax-posts-handler.php:14
authwp_ajax_smg_test_api_connectionincludes\ajax\class-smg-ajax-settings-handler.php:13
authwp_ajax_smg_dismiss_initial_scanincludes\ajax\class-smg-ajax-settings-handler.php:14
authwp_ajax_smg_export_settingsincludes\ajax\class-smg-ajax-settings-handler.php:15
authwp_ajax_smg_save_themeincludes\ajax\class-smg-ajax-settings-handler.php:16
authwp_ajax_smg_dismiss_review_noticeincludes\ajax\class-smg-ajax-settings-handler.php:17
authwp_ajax_smg_dismiss_footer_starsincludes\ajax\class-smg-ajax-settings-handler.php:20
authwp_ajax_smg_sh_startincludes\ajax\class-smg-ajax-site-health-handler.php:13
authwp_ajax_smg_sh_next_batchincludes\ajax\class-smg-ajax-site-health-handler.php:14
authwp_ajax_smg_run_site_health_analysisincludes\ajax\class-smg-ajax-site-health-handler.php:17
authwp_ajax_smg_get_google_auth_urlincludes\ajax\class-smg-google-auth-handler.php:54
authwp_ajax_smg_check_google_auth_statusincludes\ajax\class-smg-google-auth-handler.php:55
authwp_ajax_smg_disconnect_google_accountincludes\ajax\class-smg-google-auth-handler.php:56
authwp_ajax_smg_get_gsc_sitesincludes\ajax\class-smg-google-auth-handler.php:57
authwp_ajax_smg_process_backlink_fileincludes\ajax\class-smg-google-auth-handler.php:58
authwp_ajax_smg_fetch_gsc_linking_domainsincludes\ajax\class-smg-google-auth-handler.php:59
authwp_ajax_smg_analyze_gsc_domainsincludes\ajax\class-smg-google-auth-handler.php:60
authwp_ajax_smg_woo_generate_titleincludes\woo\class-smg-ajax-woo-handler.php:10
authwp_ajax_smg_woo_generate_descriptionincludes\woo\class-smg-ajax-woo-handler.php:11
authwp_ajax_smg_woo_generate_short_descincludes\woo\class-smg-ajax-woo-handler.php:12
authwp_ajax_smg_woo_suggest_tagsincludes\woo\class-smg-ajax-woo-handler.php:13
WordPress Hooks 44
actionadmin_menuincludes\admin\menu.php:7
actionadd_meta_boxesincludes\admin\meta-boxes.php:7
actionadmin_initincludes\admin\settings-api.php:9
actionadmin_noticesincludes\admin-notices.php:7
actionadmin_enqueue_scriptsincludes\admin-notices.php:101
actionadmin_initincludes\admin-pages.php:16
actionadmin_initincludes\admin-pages.php:39
actionadmin_initincludes\admin-pages.php:58
filteraioseo_meta_tagsincludes\ajax\class-smg-ajax-assistant-handler.php:10
actioninitincludes\ajax\class-smg-ajax-site-health-handler.php:181
actionadmin_initincludes\ajax\class-smg-google-auth-handler.php:61
actionhttp_api_curlincludes\api-calls.php:939
actionsmg_autopilot_cron_eventincludes\autopilot.php:11
actionsmg_async_process_postincludes\autopilot.php:158
actionsave_postincludes\autopilot.php:163
actionsmg_recalculation_cron_hookincludes\autopilot.php:275
actionsave_postincludes\core-functions.php:637
actionplugins_loadedincludes\core-functions.php:650
filterwpseo_schema_graphincludes\core-functions.php:659
filterwpseo_opengraph_imageincludes\core-functions.php:660
filterrank_math/json_ldincludes\core-functions.php:663
filterrank_math/opengraph/facebook/imageincludes\core-functions.php:664
filteraioseo_schema_graphsincludes\core-functions.php:668
actionwp_headincludes\core-functions.php:669
actionsave_postincludes\core-functions.php:847
actionwp_headincludes\core-functions.php:1060
actionadd_attachmentincludes\core-functions.php:1335
filterwp_update_attachment_metadataincludes\core-functions.php:1401
actionwp_dashboard_setupincludes\dashboard-widgets.php:10
actionadmin_enqueue_scriptsincludes\enqueue.php:65
actionadmin_footerincludes\enqueue.php:113
actionadmin_print_footer_scriptsincludes\enqueue.php:120
actionadmin_print_footer_scriptsincludes\enqueue.php:200
actionsm_fs_loadedincludes\freemius-menu-visibility.php:23
filteris_pricing_page_visibleincludes\freemius-menu-visibility.php:35
filteris_submenu_visibleincludes\freemius-menu-visibility.php:38
actionadmin_menuincludes\license-handler.php:39
actionadmin_initincludes\license-handler.php:52
actionadmin_initincludes\license-handler.php:177
actionsmg_daily_license_checkincludes\license-handler.php:186
actioninitincludes\woo-module.php:17
actionplugins_loadedseo-magico.php:46
actionupdate_option_smg_settingsseo-magico.php:129
actionadmin_enqueue_scriptsseo-magico.php:160

Scheduled Events 3

smg_async_process_post
smg_daily_license_check
smg_autopilot_cron_event
Maintenance & Trust

SEO Magic – AI SEO Assistant Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 13, 2026
PHP min version7.4
Downloads671

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

SEO Magic – AI SEO Assistant Alternatives

GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools

GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools

getgenie

A
95

GPT-4o powered AI content writer with 37+ templates, chatbot, AI image, NLP keyword research, SEO analysis for WordPress, Gutenberg & Elementor.

70K 4 CVEs
Featured Images in RSS for Mailchimp & More

Featured Images in RSS for Mailchimp & More

featured-images-for-rss-feeds

A
100

Send images to RSS instantly for free. Output blog or WooCommerce photos to Mailchimp RSS email campaigns, ActiveCampaign, Hubspot, Feedly and more.

20K No CVEs
Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI

Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI

alt-manager

A
98

Automatically bulk change images alt text to dynamic alt tags values related to content or media and also generate empty values.

7K 2 CVEs
AIKTP

AIKTP

aiktp

A
99

AI-powered content automation. Generate SEO-optimized articles and WooCommerce product descriptions with bulk generation support.

3K 1 CVE
Semrush Content Toolkit

Semrush Content Toolkit

semrush-contentshake

A
99

Create SEO-friendly content that brings traffic.

2K 1 CVE
Developer Profile

SEO Magic – AI SEO Assistant Developer Profile

Maira Foresto

2 plugins · 620 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SEO Magic – AI SEO Assistant

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/seo-magico/assets/css/modules/_pro-lock.css/wp-content/plugins/seo-magico/assets/js/pro-lock.js
Script Paths
/wp-content/plugins/seo-magico/assets/js/pro-lock.js
Version Parameters
seo-magico/assets/css/modules/_pro-lock.css?ver=seo-magico/assets/js/pro-lock.js?ver=

HTML / DOM Fingerprints

CSS Classes
smg-review-noticesmg-review-notice-iconsmg-review-notice-logosmg-review-notice-content
Data Attributes
data-smg-alert-messagedata-smg-license-url
JS Globals
smg_lock_vars
FAQ

Frequently Asked Questions about SEO Magic – AI SEO Assistant