XHTheme AI Toolbox Security & Risk Analysis

wordpress.org/plugins/xhtheme-ai-toolbox

AI tag extraction, AI image, AI summary, comment generation, AI topic expansion, auto-classification, slug generation and AI content enhancement.

200 active installs · v1.9.5 · PHP 7.0+ · WP 6.6+ · Updated Mar 7, 2026
Tags: ai, ai-summary, auto-comments, auto-tags, xhtheme-ai-toolbox
Security score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is XHTheme AI Toolbox Safe to Use in 2026?

Generally Safe

Score: 100/100

XHTheme AI Toolbox has no known CVEs and is actively maintained, and on that basis it rates as a solid choice for most WordPress installations. The score tracks CVE history and maintenance; it does not by itself capture the code-level findings further down the page (15 unprotected entry points and one critical unsanitized data flow), which are the reason to review the plugin before installing it on a site with untrusted registered users.

No known CVEs · Updated 27 days ago
Risk Assessment

The xhtheme-ai-toolbox plugin v1.9.5 exhibits a mixed security posture. On the positive side, 72 of its 79 SQL queries (91%) go through prepared statements, 277 of 299 outputs (93%) are escaped, the static analysis found no dangerous functions and no bundled third-party libraries, and the plugin has no recorded CVEs. The concern is the attack surface: of 29 entry points (24 AJAX handlers, 4 REST API routes and 1 shortcode), 15 were flagged as lacking an authentication or permission check, a wide entry point for unauthorized actions or information disclosure. Note that an "auth" AJAX handler is merely registered on the logged-in wp_ajax_ hook; unless the handler itself checks a capability, any account that can log in, a subscriber included, can call it. One handler, xhaitoolbox_queueexecute, is additionally registered on the nopriv hook and is therefore reachable without any login, so whatever access control it enforces on its own (a shared secret, for instance) deserves review.

The taint analysis traced 4 data flows, 2 of which reach their sink along an unsanitized path; the flow through ajax_save_settings (classes\class-xhtheme-admin.php:612) is rated critical, meaning request-controlled input reaches a dangerous sink without passing through a sanitizer, and the handler name indicates that plugin settings are what gets written. The static analysis flagged no dangerous functions, but it did count 7 raw (non-prepared) SQL queries and 22 unescaped outputs, so the headline figures are percentages, not a clean sheet. Only 16 nonce checks were found against 24 AJAX handlers, so at most 16 of the handlers can be nonce-protected; a handler with neither a nonce nor a capability check can be invoked by a cross-site request forged against any logged-in user, and one that checks a nonce but no capability is still open to every authenticated role. Overall, while the plugin has some strong security foundations, the unprotected entry points and the critical taint flow are a notable risk that should be reviewed before deploying it on a site with untrusted registered users.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Critical taint flow with unsanitized paths
  • Missing nonce checks on AJAX handlers
Vulnerabilities
None known

XHTheme AI Toolbox Security Vulnerabilities

No publicly disclosed vulnerabilities. With around 200 active installs the plugin has had little researcher attention, so an empty CVE history is weaker evidence than the code-level findings in the sections below.
Code Analysis
Analyzed Mar 16, 2026

XHTheme AI Toolbox Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (72 prepared)
Unescaped Output: 22 (277 escaped)
Nonce Checks: 16
Capability Checks: 18
File Operations: 9
External Requests: 9
Bundled Libraries: 0

SQL Query Safety

91% prepared (72 of 79 total queries)

Output Escaping

93% escaped (277 of 299 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

4 flows, 2 with unsanitized paths
ajax_save_settings (classes\class-xhtheme-admin.php:612)
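The flagged flow has the classic shape of an unprotected settings handler: request fields travel from $_POST to the options table without a nonce, a capability check or a sanitizer in between. The block below is an added illustration, not code from xhtheme-ai-toolbox, with hypothetical names (xhtb_example_*, option xhtb_example_settings, a hypothetical settings page slug); it places that weak pattern beside a hardened handler that closes each of the gaps named under Key Concerns.

```php
<?php
// Added example; hypothetical handler names, not code from xhtheme-ai-toolbox.
// Weak pattern: the shape a taint analyzer reports as an unsanitized flow.
// $_POST (source) -> update_option (sink) with no nonce, no capability, no sanitizer.
function xhtb_example_save_settings_weak() {
    update_option( 'xhtb_example_settings', $_POST['settings'] ); // anything goes in
    wp_send_json_success();
}
add_action( 'wp_ajax_xhtb_example_save_settings_weak', 'xhtb_example_save_settings_weak' );

// Hardened handler.
function xhtb_example_save_settings() {
    // 1. CSRF: the request must carry a nonce issued to this user for this action.
    //    check_ajax_referer() ends the request with -1 / HTTP 403 when it fails.
    check_ajax_referer( 'xhtb_example_settings', 'nonce' );

    // 2. Authorization: being logged in (the wp_ajax_ hook) is not enough;
    //    changing plugin settings is an administrator-level operation.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Sanitization: rebuild the array field by field from an allow-list;
    //    unknown keys are dropped and each value is coerced to its expected shape.
    $in  = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) ) ? wp_unslash( $_POST['settings'] ) : array();
    $out = array();

    $out['api_key']    = isset( $in['api_key'] ) ? sanitize_text_field( $in['api_key'] ) : '';
    // https only: esc_url_raw() returns '' for any other scheme.
    $out['endpoint']   = isset( $in['endpoint'] ) ? esc_url_raw( $in['endpoint'], array( 'https' ) ) : '';
    $out['max_tokens'] = isset( $in['max_tokens'] ) ? min( 4096, max( 1, absint( $in['max_tokens'] ) ) ) : 512;

    $allowed_models = array( 'small', 'medium', 'large' ); // hypothetical allow-list
    $out['model']   = ( isset( $in['model'] ) && in_array( $in['model'], $allowed_models, true ) ) ? $in['model'] : 'small';

    $out['auto_tag'] = ! empty( $in['auto_tag'] ) ? 1 : 0;

    update_option( 'xhtb_example_settings', $out );
    wp_send_json_success( array( 'saved' => array_keys( $out ) ) );
}
add_action( 'wp_ajax_xhtb_example_save_settings', 'xhtb_example_save_settings' );

// The nonce the handler expects is minted server-side and handed to the admin script.
function xhtb_example_admin_assets( $hook_suffix ) {
    if ( 'settings_page_xhtb-example' !== $hook_suffix ) { // hypothetical settings page slug
        return;
    }
    wp_enqueue_script( 'xhtb-example-admin', plugins_url( 'assets/js/admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'xhtb-example-admin', 'xhtbExample', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'xhtb_example_settings' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'xhtb_example_admin_assets' );
```

The three checks are independent: a nonce alone leaves the handler open to every logged-in role, a capability check alone leaves it open to cross-site request forgery against an administrator, and neither does anything about what ends up in the option, which is the unsanitized path the taint analysis reports.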
Attack Surface
15 unprotected

XHTheme AI Toolbox Attack Surface

Entry points: 29
Unprotected: 15

AJAX Handlers 24

scope  handler (AJAX action hook)  file:line
auth  wp_ajax_save_xhtheme_ai_settings  classes\class-xhtheme-admin.php:136
auth  wp_ajax_xhaitool_thread_page  classes\class-xhtheme-admin.php:137
auth  wp_ajax_hide_theme_notice  classes\class-xhtheme-admin.php:138
auth  wp_ajax_xhaitool_wizard_save  classes\class-xhtheme-admin.php:139
auth  wp_ajax_xhtheme_log_react_error  classes\class-xhtheme-admin.php:147
auth  wp_ajax_xhaitoolbox_queueexecute  classes\class-xhtheme-cronqueue.php:29
nopriv  wp_ajax_xhaitoolbox_queueexecute  classes\class-xhtheme-cronqueue.php:30
auth  wp_ajax_xhaitoolbox_queuelist  classes\class-xhtheme-cronqueue.php:31
auth  wp_ajax_xhaitoolbox_queuedelete  classes\class-xhtheme-cronqueue.php:32
auth  wp_ajax_xhaitoolbox_queueretry  classes\class-xhtheme-cronqueue.php:33
auth  wp_ajax_xhaitoolbox_queuebatchretry  classes\class-xhtheme-cronqueue.php:34
auth  wp_ajax_xhinteract_save_settings  classes\class-xhtheme-interact.php:42
auth  wp_ajax_xhinteract_get_users  classes\class-xhtheme-interact.php:43
auth  wp_ajax_xhinteract_get_logs  classes\class-xhtheme-interact.php:44
auth  wp_ajax_xhinteract_get_stats  classes\class-xhtheme-interact.php:45
auth  wp_ajax_xhinteract_batch_action  classes\class-xhtheme-interact.php:46
auth  wp_ajax_xhinteract_export_logs  classes\class-xhtheme-interact.php:47
auth  wp_ajax_xhinteract_get_categories  classes\class-xhtheme-interact.php:48
auth  wp_ajax_xhinteract_cleanup_logs  classes\class-xhtheme-interact.php:49
auth  wp_ajax_xhinteract_create_ai_user  classes\class-xhtheme-interact.php:50
auth  wp_ajax_xhinteract_upload_ai_avatar  classes\class-xhtheme-interact.php:51
auth  wp_ajax_handle_xhaitool_aitasks  classes\class-xhtheme-postauto.php:35
auth  wp_ajax_xhaitoolbox_automate_rules  classes\class-xhtheme-postauto.php:50
auth  wp_ajax_xhaitoolbox_automate_rules_save  classes\class-xhtheme-postauto.php:51

The scope column says where a handler is reachable from, not whether it is protected: auth means it is registered on the wp_ajax_ hook and callable by any logged-in user of any role unless the handler checks a capability itself; nopriv means it is also registered on wp_ajax_nopriv_ and callable without a session.
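Because xhaitoolbox_queueexecute is hooked on both the logged-in and the nopriv AJAX hooks, a nonce cannot protect it: anonymous callers have no nonce to present. The usual pattern for an HTTP-triggered queue runner is a pre-shared token compared in constant time plus a lock against concurrent runs. The block below is an added example with hypothetical names (xhtb_example_*), not the plugin's code, and it says nothing about how the real handler is protected.

```php
<?php
// Added example; hypothetical names, not code from xhtheme-ai-toolbox.
// A queue runner exposed on wp_ajax_nopriv_ must authenticate the caller itself.

// Mint a long random token once and keep it in the options table, not in the code.
function xhtb_example_queue_token() {
    $token = get_option( 'xhtb_example_queue_token' );
    if ( empty( $token ) ) {
        $token = wp_generate_password( 64, false ); // 64 alphanumeric characters
        update_option( 'xhtb_example_queue_token', $token, false ); // autoload = no
    }
    return $token;
}

function xhtb_example_queue_run() {
    // Take the token from a request header; a query-string token would end up in access logs.
    $given = isset( $_SERVER['HTTP_X_XHTB_QUEUE_TOKEN'] ) ? (string) $_SERVER['HTTP_X_XHTB_QUEUE_TOKEN'] : '';
    $want  = xhtb_example_queue_token();

    // hash_equals() compares in constant time, so response timing does not reveal
    // how many leading characters of a guess were correct.
    if ( '' === $given || ! hash_equals( $want, $given ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // Single-runner lock: a second trigger while a run is in progress is refused,
    // so the endpoint cannot be used to stack up expensive AI backend calls.
    if ( false !== get_transient( 'xhtb_example_queue_lock' ) ) {
        wp_send_json_error( array( 'message' => 'A run is already in progress.' ), 429 );
    }
    set_transient( 'xhtb_example_queue_lock', 1, 5 * MINUTE_IN_SECONDS );

    try {
        $done = xhtb_example_process_queue( 10 ); // hypothetical worker; at most 10 items per run
    } finally {
        delete_transient( 'xhtb_example_queue_lock' );
    }

    wp_send_json_success( array( 'processed' => $done ) );
}
// The same callback serves both hooks, so the token check applies to logged-in callers too.
add_action( 'wp_ajax_xhtb_example_queue_run', 'xhtb_example_queue_run' );
add_action( 'wp_ajax_nopriv_xhtb_example_queue_run', 'xhtb_example_queue_run' );

// Placeholder worker so the file is complete; a real one would pop items from the queue table.
function xhtb_example_process_queue( $limit ) {
    $processed = 0;
    for ( $i = 0; $i < $limit; $i++ ) {
        // ... fetch the next queued item, call the AI backend, store the result ...
        $processed++;
    }
    return $processed;
}
```

A site owner can check the live handler the same way the token check is meant to be exercised: send an unauthenticated POST to admin-ajax.php with action=xhaitoolbox_queueexecute and see whether the response is a refusal or a queue run. The plugin also registers xhaitoolbox_minute_cron as a scheduled event, so whether an HTTP trigger is needed at all on a given site is worth asking.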

REST API Routes 4

POST  /wp-json/aitoolboxv1/thread/get  classes\class-xhtheme-thread.php:1089
POST  /wp-json/aitoolboxv1/thread/comment  classes\class-xhtheme-thread.php:1095
POST  /wp-json/aitoolboxv1/thread/load-more  classes\class-xhtheme-thread.php:1101
POST  /wp-json/aitoolboxv1/comment/like  classes\class-xhtheme-thread.php:1107

The detection fingerprints further down list nine more endpoints under /wp-json/xhthemeai/v1/, and rest_api_init is hooked in three classes (class-xhtheme-aiblock.php:1107, class-xhtheme-cronqueue.php:38, class-xhtheme-thread.php:1521), so the REST surface is likely wider than the four routes enumerated here.
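Every REST route must declare a permission_callback; since WordPress 5.5 a missing one triggers a _doing_it_wrong notice and the route is treated as public. For the four POST routes above the questions are whether thread/comment and comment/like (which write) require a user, and whether thread/get and thread/load-more (which read) return only data an anonymous visitor may see. The block below is an added example with a hypothetical namespace xhtb-example/v1 and hypothetical callbacks, not the plugin's routes; it shows one public read route whose output is limited to approved comments on published posts and one write route that requires an authenticated user with edit_posts, with argument sanitization delegated to the REST layer.

```php
<?php
// Added example; hypothetical namespace and callbacks, not code from xhtheme-ai-toolbox.
add_action( 'rest_api_init', 'xhtb_example_register_routes' );

function xhtb_example_register_routes() {
    // Public read route: '__return_true' is acceptable only because the callback
    // restricts itself to data an anonymous visitor could already see.
    register_rest_route( 'xhtb-example/v1', '/thread/get', array(
        'methods'             => WP_REST_Server::READABLE, // GET, not POST, for a read
        'callback'            => 'xhtb_example_thread_get',
        'permission_callback' => '__return_true',
        'args'                => array(
            'post_id' => array(
                'required'          => true,
                'type'              => 'integer',
                'sanitize_callback' => 'absint',
                'validate_callback' => 'xhtb_example_validate_published_post',
            ),
        ),
    ) );

    // Write route: requires a logged-in user holding a concrete capability.
    register_rest_route( 'xhtb-example/v1', '/thread/comment', array(
        'methods'             => WP_REST_Server::CREATABLE, // POST
        'callback'            => 'xhtb_example_thread_comment',
        'permission_callback' => 'xhtb_example_can_comment',
        'args'                => array(
            'post_id' => array(
                'required'          => true,
                'type'              => 'integer',
                'sanitize_callback' => 'absint',
                'validate_callback' => 'xhtb_example_validate_published_post',
            ),
            'content' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_textarea_field',
                'validate_callback' => function ( $value ) {
                    return is_string( $value ) && '' !== trim( $value ) && strlen( $value ) <= 5000;
                },
            ),
        ),
    ) );
}

// Only published posts are valid targets; drafts and private posts are rejected before the callback runs.
function xhtb_example_validate_published_post( $value ) {
    $post = get_post( absint( $value ) );
    return $post instanceof WP_Post && 'publish' === $post->post_status;
}

// Cookie-authenticated REST calls count as logged in only when they carry a valid
// X-WP-Nonce header; anything else arrives as user 0 and is answered with 401, not 403.
function xhtb_example_can_comment( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_not_logged_in', 'Authentication required.', array( 'status' => rest_authorization_required_code() ) );
    }
    if ( ! current_user_can( 'edit_posts' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient permissions.', array( 'status' => 403 ) );
    }
    return true;
}

function xhtb_example_thread_get( WP_REST_Request $request ) {
    $comments = get_comments( array(
        'post_id' => $request['post_id'], // already absint()ed and validated by the REST layer
        'status'  => 'approve',           // never expose pending or spam comments anonymously
        'number'  => 20,
    ) );
    $out = array();
    foreach ( $comments as $c ) {
        $out[] = array(
            'id'      => (int) $c->comment_ID,
            'author'  => esc_html( $c->comment_author ),
            'content' => wp_kses_post( $c->comment_content ),
        );
    }
    return rest_ensure_response( $out );
}

function xhtb_example_thread_comment( WP_REST_Request $request ) {
    $id = wp_insert_comment( array(
        'comment_post_ID'  => $request['post_id'],
        'comment_content'  => $request['content'],
        'user_id'          => get_current_user_id(),
        'comment_approved' => 0, // hold for moderation
    ) );
    if ( ! $id ) {
        return new WP_Error( 'rest_insert_failed', 'Could not save comment.', array( 'status' => 500 ) );
    }
    return rest_ensure_response( array( 'id' => (int) $id ) );
}
```

The check a practitioner can run against the real routes is the same one this code is built to pass: POST to /wp-json/aitoolboxv1/thread/comment with no cookies and no X-WP-Nonce header. A route with a working permission_callback answers 401 (or 403 for an authenticated user lacking the capability); a 200 with a stored comment means the route is writable anonymously.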

Shortcodes 1

[xhaitoolbox_threads] classes\class-xhtheme-thread.php:1524
WordPress Hooks 102
type  hook  file:line
filter  load_textdomain_mofile  aitoolbox.php:63
action  admin_init  aitoolbox.php:82
action  wp_loaded  aitoolbox.php:100
action  admin_notices  aitoolbox.php:112
action  xhaitoolbox_log_error  aitoolbox.php:130
action  wp_enqueue_scripts  aitoolbox.php:140
action  admin_menu  classes\class-xhtheme-admin.php:124
action  admin_enqueue_scripts  classes\class-xhtheme-admin.php:127
action  admin_bar_menu  classes\class-xhtheme-admin.php:130
filter  plugin_action_links  classes\class-xhtheme-admin.php:133
action  admin_notices  classes\class-xhtheme-admin.php:142
action  admin_enqueue_scripts  classes\class-xhtheme-admin.php:145
action  xhaitoolbox_log_error  classes\class-xhtheme-admin.php:146
filter  the_content  classes\class-xhtheme-aiblock.php:923
action  init  classes\class-xhtheme-aiblock.php:1105
action  enqueue_block_editor_assets  classes\class-xhtheme-aiblock.php:1106
action  rest_api_init  classes\class-xhtheme-aiblock.php:1107
action  rest_after_insert_post  classes\class-xhtheme-aiblock.php:1108
filter  the_content  classes\class-xhtheme-aiblock.php:1109
filter  get_the_excerpt  classes\class-xhtheme-aiblock.php:1110
filter  get_the_excerpt  classes\class-xhtheme-aiblock.php:1111
filter  post_excerpt  classes\class-xhtheme-aiblock.php:1112
action  post_tag_edit_form_fields  classes\class-xhtheme-aiblock.php:1115
action  product_tag_edit_form_fields  classes\class-xhtheme-aiblock.php:1116
action  sitetag_edit_form_fields  classes\class-xhtheme-aiblock.php:1117
action  edit_term  classes\class-xhtheme-aiblock.php:1118
filter  document_title_parts  classes\class-xhtheme-aiblock.php:1119
action  add_meta_boxes  classes\class-xhtheme-aiblock.php:1122
action  save_post  classes\class-xhtheme-aiblock.php:1123
action  xhaitoolbox_twicedaily_cron  classes\class-xhtheme-aiblock.php:1126
filter  zib_get_excerpt  classes\class-xhtheme-aiblock.php:1131
action  rest_after_insert_post  classes\class-xhtheme-aiimage.php:24
filter  xhaitoolbox_cronitem_imageword  classes\class-xhtheme-aiimage.php:25
filter  xhaitoolbox_cronitem_getimage  classes\class-xhtheme-aiimage.php:26
action  init  classes\class-xhtheme-block-template.php:26
filter  get_block_templates  classes\class-xhtheme-block-template.php:62
filter  pre_get_block_file_template  classes\class-xhtheme-block-template.php:63
filter  get_block_template  classes\class-xhtheme-block-template.php:64
filter  admin_comment_types_dropdown  classes\class-xhtheme-comment.php:26
filter  manage_edit-comments_columns  classes\class-xhtheme-comment.php:27
action  manage_comments_custom_column  classes\class-xhtheme-comment.php:28
filter  get_avatar_comment_types  classes\class-xhtheme-comment.php:29
filter  get_comment_type  classes\class-xhtheme-comment.php:30
filter  pre_get_avatar_data  classes\class-xhtheme-comment.php:31
filter  get_avatar_data  classes\class-xhtheme-comment.php:32
filter  pre_get_avatar  classes\class-xhtheme-comment.php:33
filter  get_user_metadata  classes\class-xhtheme-comment.php:34
action  xhaitoolbox_minute_cron  classes\class-xhtheme-comment.php:35
filter  xhaitoolbox_cronitem_comment  classes\class-xhtheme-comment.php:36
action  xhtheme_ai_toolbox_avatarloacal_error  classes\class-xhtheme-comment.php:37
filter  wp_list_comments_args  classes\class-xhtheme-comment.php:38
filter  comment_class  classes\class-xhtheme-comment.php:39
action  init  classes\class-xhtheme-comment.php:40
filter  comment_notification_recipients  classes\class-xhtheme-comment.php:45
filter  comment_moderation_recipients  classes\class-xhtheme-comment.php:46
filter  wp_mail  classes\class-xhtheme-comment.php:48
filter  pre_wp_mail  classes\class-xhtheme-comment.php:49
action  wp_set_comment_status  classes\class-xhtheme-comment.php:53
action  admin_footer  classes\class-xhtheme-cronqueue.php:36
filter  cron_schedules  classes\class-xhtheme-cronqueue.php:37
action  rest_api_init  classes\class-xhtheme-cronqueue.php:38
action  xhaitoolbox_minute_cron  classes\class-xhtheme-cronqueue.php:47
action  xhaitoolbox_twicedaily_cron  classes\class-xhtheme-cronqueue.php:48
action  comment_post  classes\class-xhtheme-interact.php:38
filter  manage_edit-comments_columns  classes\class-xhtheme-interact.php:39
action  manage_comments_custom_column  classes\class-xhtheme-interact.php:40
filter  xhaitoolbox_cronitem_interact  classes\class-xhtheme-interact.php:41
action  xhaitoolbox_minute_cron  classes\class-xhtheme-interact.php:52
filter  get_comment_text  classes\class-xhtheme-interact.php:55
filter  wp_list_table_class_name  classes\class-xhtheme-postauto.php:31
filter  manage_post_posts_columns  classes\class-xhtheme-postauto.php:32
action  manage_post_posts_custom_column  classes\class-xhtheme-postauto.php:33
action  admin_enqueue_scripts  classes\class-xhtheme-postauto.php:34
filter  manage_product_posts_columns  classes\class-xhtheme-postauto.php:38
filter  woocommerce_product_reviews_table_columns  classes\class-xhtheme-postauto.php:39
action  woocommerce_product_reviews_table_column_comments_status  classes\class-xhtheme-postauto.php:40
filter  xhaitoolbox_cronitem_summary  classes\class-xhtheme-postauto.php:44
filter  xhaitoolbox_cronitem_tags  classes\class-xhtheme-postauto.php:45
filter  xhaitoolbox_cronitem_threadlist  classes\class-xhtheme-postauto.php:46
filter  xhaitoolbox_cronitem_primary  classes\class-xhtheme-postauto.php:47
action  wp_after_insert_post  classes\class-xhtheme-postauto.php:52
action  add_meta_boxes  classes\class-xhtheme-postauto.php:53
action  save_post  classes\class-xhtheme-postauto.php:54
action  admin_notices  classes\class-xhtheme-postauto.php:57
action  admin_init  classes\class-xhtheme-postauto.php:58
action  init  classes\class-xhtheme-thread.php:1497
filter  xhtheme_ai_toolbox_postupdate  classes\class-xhtheme-thread.php:1498
filter  xhaitoolbox_cronitem_thread  classes\class-xhtheme-thread.php:1499
action  restrict_manage_posts  classes\class-xhtheme-thread.php:1506
filter  parse_query  classes\class-xhtheme-thread.php:1507
filter  manage_post_posts_columns  classes\class-xhtheme-thread.php:1510
action  manage_post_posts_custom_column  classes\class-xhtheme-thread.php:1511
filter  the_content  classes\class-xhtheme-thread.php:1514
action  admin_head  classes\class-xhtheme-thread.php:1515
filter  template_include  classes\class-xhtheme-thread.php:1516
filter  xhaitoolbox_add_block_templates  classes\class-xhtheme-thread.php:1517
filter  xhaitoolbox_add_block_patterns  classes\class-xhtheme-thread.php:1518
action  rest_api_init  classes\class-xhtheme-thread.php:1521
action  wp_enqueue_scripts  classes\class-xhtheme-thread.php:1527
action  enqueue_block_editor_assets  classes\class-xhtheme-thread.php:1528
filter  comments_template  classes\class-xhtheme-thread.php:1529
action  xhaitoolbox_twicedaily_cron  classes\class-xhtheme-thread.php:1532

Scheduled Events 2

xhaitoolbox_minute_cron
xhaitoolbox_twicedaily_cron
Maintenance & Trust

XHTheme AI Toolbox Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version: 7.0
Downloads: 6K

Community Trust

Rating: 0/100 (no ratings yet)
Number of ratings: 0
Active installs: 200
Developer Profile

XHTheme AI Toolbox Developer Profile

xhtheme

2 plugins · 210 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect XHTheme AI Toolbox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/xhtheme-ai-toolbox/classes/../assets/css/admin.css
/wp-content/plugins/xhtheme-ai-toolbox/classes/../assets/css/xhtheme-ai-toolbox.css
/wp-content/plugins/xhtheme-ai-toolbox/classes/../assets/js/admin.js
/wp-content/plugins/xhtheme-ai-toolbox/classes/../assets/js/xhtheme-ai-toolbox.js
/wp-content/plugins/xhtheme-ai-toolbox/classes/../assets/js/tool.js
Script Paths
/wp-content/plugins/xhtheme-ai-toolbox/classes/../assets/js/xhtheme-ai-toolbox.js
Version Parameters
xhtheme-ai-toolbox/assets/css/admin.css?ver=
xhtheme-ai-toolbox/assets/css/xhtheme-ai-toolbox.css?ver=
xhtheme-ai-toolbox/assets/js/admin.js?ver=
xhtheme-ai-toolbox/assets/js/xhtheme-ai-toolbox.js?ver=
xhtheme-ai-toolbox/assets/js/tool.js?ver=

HTML / DOM Fingerprints

CSS Classes
xhtheme-ai-toolbox-status, xh-summon-word, eb-card, eb-icon, eb-titicon, eb-card-bgbox, eb-card-body, eb-desc (+1 more)
Data Attributes
data-slug="xhtheme-ai-toolbox"
JS Globals
XHTheme_AI_Toolbox_Config
REST Endpoints
/wp-json/xhthemeai/v1/upload/image
/wp-json/xhthemeai/v1/get/text
/wp-json/xhthemeai/v1/get/image
/wp-json/xhthemeai/v1/save/ai-setting
/wp-json/xhthemeai/v1/post/auto
/wp-json/xhthemeai/v1/comment/auto
/wp-json/xhthemeai/v1/tag/auto
/wp-json/xhthemeai/v1/category/auto
/wp-json/xhthemeai/v1/thread/auto
Shortcode Output
[xhtheme-ai-tool]
[xhtheme_ai_content]