Superdraft Security & Risk Analysis

wordpress.org/plugins/superdraft

A free WordPress plugin providing AI-powered writing assistance, image generation and editing, smart tagging, and autocomplete for better workflow.

20 active installs · v1.1.4 · PHP 7.4+ · WP 6.0+ · Updated Dec 11, 2025
Tags: ai, autocomplete, automation, openai, writing
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Superdraft Safe to Use in 2026?

Generally Safe

Score 100/100

Superdraft has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

Based on the provided static analysis and vulnerability history, the 'superdraft' plugin version 1.1.4 exhibits a strong security posture. The code analysis reveals no dangerous functions, all SQL queries are properly prepared, and all output is correctly escaped, indicating good development practices. Furthermore, the complete absence of known CVEs and a clean vulnerability history suggest a commitment to security by the developers or a lack of past exploitable issues. The plugin also demonstrates robust security checks with a significant number of nonce and capability checks across its entry points.

The plugin performs well on the core security metrics, but it does perform file operations and external HTTP requests. The analysis does not report any vulnerabilities related to these, yet both areas carry inherent risk and require careful review. The taint analysis showing zero flows with unsanitized paths is a positive sign, but static analysis is not exhaustive. The lack of any identified vulnerabilities or high-risk code signals is reassuring, and the plugin appears to be well-secured against common attack vectors.

Vulnerabilities
None known

Superdraft Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Superdraft Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 0 (119 escaped)
Nonce Checks: 5
Capability Checks: 12
File Operations: 3
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

100% prepared (5 total queries)

Output Escaping

100% escaped (119 total outputs)
Attack Surface

Superdraft Attack Surface

Entry Points: 10
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_superdraft_add_model · includes\admin\class-admin.php:39
auth · wp_ajax_superdraft_remove_model · includes\admin\class-admin.php:40
auth · wp_ajax_superdraft_suggest_terms · includes\admin\class-tags-categories.php:47

REST API Routes 7

POST /wp-json/superdraft/v1/autocomplete · includes\admin\class-autocomplete.php:90
POST /wp-json/superdraft/v1/smartcompose · includes\admin\class-autocomplete.php:129
POST /wp-json/superdraft/v1/image/generate · includes\admin\class-images.php:52
POST /wp-json/superdraft/v1/image/edit · includes\admin\class-images.php:73
POST /wp-json/superdraft/v1/image/generate-prompt · includes\admin\class-images.php:93
POST /wp-json/superdraft/v1/taxonomy-autoselect · includes\admin\class-tags-categories.php:55
POST /wp-json/superdraft/v1/writing-tips/analyze · includes\admin\class-writing-tips.php:63

WordPress Hooks 26

action · admin_menu · includes\admin\class-admin.php:31
action · admin_init · includes\admin\class-admin.php:32
action · admin_enqueue_scripts · includes\admin\class-admin.php:33
action · enqueue_block_editor_assets · includes\admin\class-autocomplete.php:30
action · rest_api_init · includes\admin\class-autocomplete.php:31
action · rest_api_init · includes\admin\class-autocomplete.php:32
action · enqueue_block_assets · includes\admin\class-autocomplete.php:34
action · enqueue_block_editor_assets · includes\admin\class-images.php:24
action · rest_api_init · includes\admin\class-images.php:25
action · rest_api_init · includes\admin\class-tags-categories.php:29
action · enqueue_block_editor_assets · includes\admin\class-tags-categories.php:30
filter · bulk_actions-edit-post · includes\admin\class-tags-categories.php:33
filter · handle_bulk_actions-edit-post · includes\admin\class-tags-categories.php:34
action · superdraft_process_autoselect · includes\admin\class-tags-categories.php:37
action · admin_notices · includes\admin\class-tags-categories.php:40
action · admin_init · includes\admin\class-tags-categories.php:41
action · superdraft_bulk_process_completed · includes\admin\class-tags-categories.php:42
action · category_add_form_fields · includes\admin\class-tags-categories.php:45
action · post_tag_add_form_fields · includes\admin\class-tags-categories.php:46
action · admin_enqueue_scripts · includes\admin\class-tags-categories.php:48
action · enqueue_block_editor_assets · includes\admin\class-writing-tips.php:28
action · rest_api_init · includes\admin\class-writing-tips.php:29
action · save_post · includes\admin\class-writing-tips.php:30
action · init · includes\admin\class-writing-tips.php:31
action · http_api_curl · includes\api\class-openai-image-api.php:203
action · plugins_loaded · superdraft.php:45

Maintenance & Trust

Superdraft Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 11, 2025
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20

Developer Profile

Superdraft Developer Profile

pbalazs

1 plugin · 20 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Superdraft

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/superdraft/assets/admin/css/superdraft-admin.css
/wp-content/plugins/superdraft/assets/admin/js/superdraft-admin.js
Script Paths
/wp-content/plugins/superdraft/assets/admin/js/superdraft-admin.js
Version Parameters
superdraft/assets/admin/css/superdraft-admin.css?ver=
superdraft/assets/admin/js/superdraft-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
superdraft-admin-page
superdraft-settings-section
superdraft-api-logs-page
HTML Comments
<!-- Superdraft API Logs Table -->
<!-- End Superdraft API Logs Table -->
Data Attributes
data-superdraft-module
data-superdraft-setting-key
JS Globals
SuperdraftAdmin