Muchatai

1 linked audits · 0 IOCs catalogued · 200 headline-plugin installs · first seen 2026-05-07 · last activity 2026-05-07

Audits in this campaign

Suspicious

Audit #35 Muchat – AI Chatbot (with Autosync) — 200 installs

Verdict: SUSPICIOUS — vendor self-own, not a supply-chain attack. muchat-ai v2.0.55 (released 2026-04-29 to wp.org, ~100 active installs) ships with API authentication explicitly disabled. The plugin's AuthMiddleware::verify_token() was mo…

baseline 2.0.54 → head 2.0.55 1mo ago