WordAI Security & Risk Analysis

wordpress.org/plugins/wordai

AI content and image generator for WordPress with OpenAI and Google Gemini support.

10 active installs · v2.0.0 · PHP 7.4+ · WP 6.0+ · Updated Feb 26, 2026
Tags: ai-gemini, ai-image, ai-seo, content-generator, openai
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WordAI Safe to Use in 2026?

Generally Safe

Score 100/100

WordAI has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "wordai" v2.0.0 plugin demonstrates a generally strong security posture based on the provided static analysis. The plugin has a significant attack surface with 42 AJAX handlers, but reassuringly, all of them include authentication checks, which is a critical security control. The absence of exposed REST API routes, shortcodes, or cron events further limits potential entry points. Furthermore, the use of prepared statements for all SQL queries and a high percentage of properly escaped output are excellent practices that mitigate common web vulnerabilities like SQL injection and Cross-Site Scripting (XSS). The plugin also implements a good number of nonce and capability checks, indicating an awareness of secure coding principles.

However, a few areas warrant attention. The three `ini_set` calls modify PHP runtime settings at request time and can become a vector for abuse if their arguments are not carefully controlled. The taint analysis shows no critical or high severity unsanitized flows and there is no known vulnerability history, but only 4 taint flows were analyzed, so coverage of potential data-flow risks may be incomplete. The 5 file operations and 10 external HTTP requests are not inherently dangerous, but they should be reviewed to confirm they cannot be misused. Overall, the plugin is well built from a security standpoint, with robust authentication and data handling; vigilance around `ini_set` and the limited scope of the taint analysis is recommended.

Key Concerns

  • Use of dangerous function 'ini_set'
Vulnerabilities
None known

WordAI Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WordAI Release Timeline

v2.0.0 (current)
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

WordAI Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 52 (668 escaped)
Nonce Checks: 35
Capability Checks: 9
File Operations: 5
External Requests: 10
Bundled Libraries: 0

Dangerous Functions Found

ini_set · `ini_set( 'output_buffering', 'off' );` · includes/class-sftcy-wordai-ajaxhandler.php:42
ini_set · `ini_set( 'zlib.output_compression', 0 );` · includes/class-sftcy-wordai-ajaxhandler.php:43
ini_set · `ini_set( 'implicit_flush', 1 );` · includes/class-sftcy-wordai-ajaxhandler.php:44

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

93% escaped (720 total outputs)
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
sc_wordai_ai_provider_save (includes/class-sftcy-wordai-ajaxhandler.php:424)
Attack Surface

WordAI Attack Surface

Entry Points: 42
Unprotected: 0

AJAX Handlers 42

auth · wp_ajax_sc_wordai_api_test · includes/class-sftcy-wordai-ajaxhandler.php:50
auth · wp_ajax_sc_wordai_ai_provider_save · includes/class-sftcy-wordai-ajaxhandler.php:51
auth · wp_ajax_wordai_api_key_show · includes/class-sftcy-wordai-ajaxhandler.php:52
auth · wp_ajax_wordai_openai_api_key_data_save · includes/class-sftcy-wordai-ajaxhandler.php:53
auth · wp_ajax_sc_wordai_openai_apisettings_data · includes/class-sftcy-wordai-ajaxhandler.php:55
auth · wp_ajax_sc_wordai_openai_apisettings_reset_data · includes/class-sftcy-wordai-ajaxhandler.php:56
auth · wp_ajax_sc_wordai_openai_content_settings_data · includes/class-sftcy-wordai-ajaxhandler.php:58
auth · wp_ajax_sc_wordai_openai_content_settings_reset_data · includes/class-sftcy-wordai-ajaxhandler.php:59
auth · wp_ajax_sc_wordai_openai_image_settings_data · includes/class-sftcy-wordai-ajaxhandler.php:61
auth · wp_ajax_sc_wordai_openai_image_settings_reset_data · includes/class-sftcy-wordai-ajaxhandler.php:62
auth · wp_ajax_sc_wordai_get_provider_runtime_settings · includes/class-sftcy-wordai-ajaxhandler.php:63
auth · wp_ajax_sc_wordai_write_titles · includes/class-sftcy-wordai-ajaxhandler.php:67
auth · wp_ajax_sc_wordai_write_suggest_titles · includes/class-sftcy-wordai-ajaxhandler.php:68
auth · wp_ajax_sc_wordai_update_suggest_title · includes/class-sftcy-wordai-ajaxhandler.php:69
auth · wp_ajax_sc_wordai_write_content · includes/class-sftcy-wordai-ajaxhandler.php:70
auth · wp_ajax_sc_wordai_write_excerpt · includes/class-sftcy-wordai-ajaxhandler.php:71
auth · wp_ajax_sc_wordai_write_tags · includes/class-sftcy-wordai-ajaxhandler.php:72
auth · wp_ajax_sc_wordai_save_tags · includes/class-sftcy-wordai-ajaxhandler.php:73
auth · wp_ajax_sc_wordai_write_seo_titles · includes/class-sftcy-wordai-ajaxhandler.php:74
auth · wp_ajax_sc_wordai_write_seo_meta_description · includes/class-sftcy-wordai-ajaxhandler.php:75
auth · wp_ajax_sc_wordai_write_seo_meta_focus_keyword · includes/class-sftcy-wordai-ajaxhandler.php:76
auth · wp_ajax_sc_wordai_generate_image · includes/class-sftcy-wordai-ajaxhandler.php:79
auth · wp_ajax_sc_wordai_upload_image_to_wp_media · includes/class-sftcy-wordai-ajaxhandler.php:80
auth · wp_ajax_sc_wordai_suggested_title_number_save · includes/class-sftcy-wordai-ajaxhandler.php:81
auth · wp_ajax_wordai_google_gemini_api_key_data_save · includes/class-sftcy-wordai-google-gemini-settings.php:54
auth · wp_ajax_sc_wordai_google_gemini_apisettings_data · includes/class-sftcy-wordai-google-gemini-settings.php:60
auth · wp_ajax_sc_wordai_google_gemini_apisettings_reset_data · includes/class-sftcy-wordai-google-gemini-settings.php:64
auth · wp_ajax_sc_wordai_google_gemini_content_settings_data · includes/class-sftcy-wordai-google-gemini-settings.php:70
auth · wp_ajax_sc_wordai_google_gemini_content_settings_reset_data · includes/class-sftcy-wordai-google-gemini-settings.php:74
auth · wp_ajax_sc_wordai_google_gemini_image_settings_data · includes/class-sftcy-wordai-google-gemini-settings.php:80
auth · wp_ajax_sc_wordai_google_gemini_image_settings_reset_data · includes/class-sftcy-wordai-google-gemini-settings.php:84
auth · wp_ajax_sc_wordai_check_seo_social_meta_tags · includes/class-sftcy-wordai-metabox.php:38
auth · wp_ajax_sc_wordai_add_remove_seo_social_meta_tags · includes/class-sftcy-wordai-metabox.php:39
auth · wp_ajax_sc_wordai_agent_estimate_index_cost · includes/class-sftcy-wordai-openai-agent-ajax.php:18
auth · wp_ajax_sc_wordai_agent_start_indexing · includes/class-sftcy-wordai-openai-agent-ajax.php:19
auth · wp_ajax_sc_wordai_agent_run_indexing · includes/class-sftcy-wordai-openai-agent-ajax.php:20
auth · wp_ajax_sc_wordai_agent_cancel_indexing · includes/class-sftcy-wordai-openai-agent-ajax.php:21
auth · wp_ajax_sc_wordai_agent_get_progress · includes/class-sftcy-wordai-openai-agent-ajax.php:22
auth · wp_ajax_sc_wordai_agent_get_summary · includes/class-sftcy-wordai-openai-agent-ajax.php:23
auth · wp_ajax_sc_wordai_agent_get_failed_items · includes/class-sftcy-wordai-openai-agent-ajax.php:24
auth · wp_ajax_sc_wordai_agent_save_chat_settings · includes/class-sftcy-wordai-openai-agent-ajax.php:25
auth · wp_ajax_sc_wordai_agent_reset_chat_settings · includes/class-sftcy-wordai-openai-agent-ajax.php:26
WordPress Hooks 22
action · admin_enqueue_scripts · includes/class-sftcy-wordai-ajaxhandler.php:19
action · admin_init · includes/class-sftcy-wordai-ajaxhandler.php:26
filter · plupload_default_settings · includes/class-sftcy-wordai-ajaxhandler.php:82
action · admin_init · includes/class-sftcy-wordai-base.php:38
action · admin_init · includes/class-sftcy-wordai-base.php:39
action · admin_menu · includes/class-sftcy-wordai-base.php:40
action · admin_footer · includes/class-sftcy-wordai-base.php:41
action · admin_notices · includes/class-sftcy-wordai-base.php:42
action · plugins_loaded · includes/class-sftcy-wordai-base.php:43
filter · post_row_actions · includes/class-sftcy-wordai-base.php:45
filter · page_row_actions · includes/class-sftcy-wordai-base.php:46
action · http_api_curl · includes/class-sftcy-wordai-google-gemini-api.php:144
action · admin_enqueue_scripts · includes/class-sftcy-wordai-metabox.php:21
action · add_meta_boxes · includes/class-sftcy-wordai-metabox.php:23
action · add_meta_boxes · includes/class-sftcy-wordai-metabox.php:24
action · save_post · includes/class-sftcy-wordai-metabox.php:26
action · wp_head · includes/class-sftcy-wordai-metabox.php:29
filter · pre_get_document_title · includes/class-sftcy-wordai-metabox.php:32
action · edit_form_after_title · includes/class-sftcy-wordai-metabox.php:35
action · admin_print_footer_scripts · includes/class-sftcy-wordai-metabox.php:702
action · http_api_curl · includes/class-sftcy-wordai-openai.php:84
action · plugins_loaded · wordai.php:151
Maintenance & Trust

WordAI Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

WordAI Developer Profile

softcoy

4 plugins · 30 total installs
Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WordAI

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wordai/assets/css/wordai-admin.css
/wp-content/plugins/wordai/assets/js/wordai-admin.js
/wp-content/plugins/wordai/assets/js/wordai-frontend.js
Script Paths
/wp-content/plugins/wordai/assets/js/wordai-admin.js
/wp-content/plugins/wordai/assets/js/wordai-frontend.js
Version Parameters
/wp-content/plugins/wordai/assets/css/wordai-admin.css?ver=
/wp-content/plugins/wordai/assets/js/wordai-admin.js?ver=
/wp-content/plugins/wordai/assets/js/wordai-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wordai-content-generator
Data Attributes
data-wordai-id
JS Globals
WordAI
REST Endpoints
/wp-json/wordai/v1/get-content
/wp-json/wordai/v1/get-image
FAQ

Frequently Asked Questions about WordAI