Does WebSamurai have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WebSamurai compatible with WordPress 6.9.4?

According to WordPress.org data, WebSamurai 1.0.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WebSamurai compatible with PHP 7.4+?

WebSamurai requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WebSamurai updated?

WebSamurai was last updated on Apr 1, 2026. Frequent updates are generally a positive security signal.

What is WebSamurai's security score?

WebSamurai has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WebSamurai Security & Risk Analysis

wordpress.org/plugins/websamurai

AI-powered features for WordPress with Model Context Protocol (MCP) server support and Advanced Chat

10 active installs v1.0.3 PHP 7.4+ WP 5.0+ Updated Apr 1, 2026

aiartificial-intelligencemcpmodel-context-protocolrest-api

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WebSamurai Safe to Use in 2026?

Generally Safe

Score 100/100

WebSamurai has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The WebSamurai plugin v1.0.3 exhibits a strong security posture based on the provided static analysis. A significant strength is the complete absence of any detected dangerous functions, raw SQL queries, or unsanitized paths in taint analysis. Furthermore, all output is properly escaped, and all AJAX handlers and REST API routes appear to have appropriate authorization checks, indicating good development practices in these areas. The plugin also demonstrates diligent use of nonces and capability checks, and avoids bundling potentially outdated third-party libraries.

Vulnerabilities

None known

WebSamurai Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WebSamurai Release Timeline

v1.0.3Current

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

WebSamurai Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

83 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped83 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

4 flows

websamurai_add_image_to_media_ajax (inc/ajax-handler.php:860)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WebSamurai Attack Surface

Entry Points17

Unprotected0

AJAX Handlers 7

authwp_ajax_websamurai_processinc/ajax-handler.php:72

authwp_ajax_websamurai_create_conversationinc/ajax-handler.php:229

authwp_ajax_websamurai_get_conversationinc/ajax-handler.php:360

authwp_ajax_websamurai_update_conversationinc/ajax-handler.php:576

authwp_ajax_websamurai_generate_imageinc/ajax-handler.php:723

authwp_ajax_websamurai_poll_imageinc/ajax-handler.php:853

authwp_ajax_websamurai_add_image_to_mediainc/ajax-handler.php:1017

REST API Routes 10

GET/wp-json/websamurai/v1/api-keysinc/class-websamurai-api-keys.php:39

POST/wp-json/websamurai/v1/api-keysinc/class-websamurai-api-keys.php:50

DELETE/wp-json/websamurai/v1/api-keys/(?P<id>[a-zA-Z0-9]+)inc/class-websamurai-api-keys.php:68

POST/wp-json/websamurai/v1/mcpinc/class-websamurai-mcp-server.php:124

GET/wp-json/websamurai/v1/mcp/infoinc/class-websamurai-mcp-server.php:150

GET/wp-json/websamurai/v1/oauth/statusinc/oauth-api.php:19

POST/wp-json/websamurai/v1/oauth/disconnectinc/oauth-api.php:31

POST/wp-json/websamurai/v1/oauth/refreshinc/oauth-api.php:43

GET/wp-json/websamurai/v1/prompt-instructionsinc/oauth-api.php:55

POST/wp-json/websamurai/v1/prompt-instructionsinc/oauth-api.php:67

WordPress Hooks 12

actionadmin_menuinc/class-websamurai-admin-page.php:22

actionrest_api_initinc/class-websamurai-api-keys.php:29

actionrest_api_initinc/class-websamurai-mcp-server.php:57

actionadmin_enqueue_scriptsinc/enqueue.php:57

actionwp_enqueue_scriptsinc/enqueue.php:141

actionrest_api_initinc/oauth-api.php:79

actionwpinc/oauth-cron.php:25

actionwebsamurai_daily_oauth_refreshinc/oauth-cron.php:53

actioninitinc/oauth-handler.php:23

filterquery_varsinc/oauth-handler.php:35

actiontemplate_redirectinc/oauth-handler.php:92

actionadmin_noticesinc/oauth-handler.php:108

Scheduled Events 1

websamurai_daily_oauth_refresh

Maintenance & Trust

WebSamurai Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 1, 2026

PHP min version7.4

Downloads227

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WebSamurai Alternatives

AI

100

AI features, experiments and capabilities for WordPress.

1K No CVEs

Easy MCP AI

easy-mcp-ai

100

Connect Claude, ChatGPT & any MCP-compatible AI to WordPress — create, edit & manage content without the admin panel. 100+ built-in tools. 100% free.

300 No CVEs

Enable Abilities for MCP

enable-abilities-for-mcp

100

Manage which WordPress Abilities are exposed to MCP servers. Supports WooCommerce, The Events Calendar, and any custom post type.

100 No CVEs

WPRaiz Content API Tool

wpraiz-content-api-tool

100

REST API + MCP Server for WordPress. Create, update, and manage posts programmatically. AI content generation with your own API keys (BYOK).

60 No CVEs

Angie – Agentic AI (Beta)

angie

100

Angie Code: Your expert WordPress developer, powered by AI. Build anything you can imagine without writing a single line of code.

10K No CVEs

Developer Profile

WebSamurai Developer Profile

Kiera Howe

2 plugins · 20 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WebSamurai

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/websamurai/build/admin.js/wp-content/plugins/websamurai/build/admin.css/wp-content/plugins/websamurai/build/frontend.js/wp-content/plugins/websamurai/build/frontend.css

Script Paths

/wp-content/plugins/websamurai/build/admin.js/wp-content/plugins/websamurai/build/frontend.js

Version Parameters

websamurai/build/admin.asset.phpwebsamurai/build/frontend.asset.php

HTML / DOM Fingerprints

JS Globals

samurAiAdminsamurAiFrontend

REST Endpoints

websamurai/v1/api-keys

FAQ