{"id":252919,"date":"2025-10-09T15:20:33","date_gmt":"2025-10-09T15:20:33","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/sajjetti-ai-audit\/"},"modified":"2025-10-09T15:23:31","modified_gmt":"2025-10-09T15:23:31","slug":"sajjetti-audit","status":"publish","type":"plugin","link":"https:\/\/pcd.wordpress.org\/plugins\/sajjetti-audit\/","author":23368701,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.0","stable_tag":"1.0.0","tested":"6.8.5","requires":"6.6","requires_php":"8.0","requires_plugins":null,"header_name":"Sajjetti - AI Audit","header_author":"Sajjetti","header_description":"AI-assisted theme and plugin scanner for security, performance, and best practices. Provides clear, actionable insights.","assets_banners_color":"00364a","last_updated":"2025-10-09 15:23:31","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/buymeacoffee.com\/sajjetti","header_plugin_uri":"https:\/\/sajjetti.ai\/audit","header_author_uri":"https:\/\/sajjetti.ai\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":192,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"sajjetti","date":"2025-10-09 15:23:31"}},"upgrade_notice":{"1.0.0":"<p>Initial release of Sajjetti - AI 
Audit<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3375862,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3375862,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3375862,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3375862,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3375862,"resolution":"1","location":"assets","locale":""},"screenshot-10.png":{"filename":"screenshot-10.png","revision":3375862,"resolution":"10","location":"assets","locale":""},"screenshot-11.png":{"filename":"screenshot-11.png","revision":3375862,"resolution":"11","location":"assets","locale":""},"screenshot-12.png":{"filename":"screenshot-12.png","revision":3375862,"resolution":"12","location":"assets","locale":""},"screenshot-13.png":{"filename":"screenshot-13.png","revision":3375862,"resolution":"13","location":"assets","locale":""},"screenshot-14.png":{"filename":"screenshot-14.png","revision":3375862,"resolution":"14","location":"assets","locale":""},"screenshot-15.png":{"filename":"screenshot-15.png","revision":3375862,"resolution":"15","location":"assets","locale":""},"screenshot-16.png":{"filename":"screenshot-16.png","revision":3375862,"resolution":"16","location":"assets","locale":""},"screenshot-17.png":{"filename":"screenshot-17.png","revision":3375862,"resolution":"17","location":"assets","locale":""},"screenshot-18.png":{"filename":"screenshot-18.png","revision":3375862,"resolution":"18","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3375862,"resolution":"2","location":"assets
","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3375862,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3375862,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3375862,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3375862,"resolution":"6","location":"assets","locale":""},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3375862,"resolution":"7","location":"assets","locale":""},"screenshot-8.png":{"filename":"screenshot-8.png","revision":3375862,"resolution":"8","location":"assets","locale":""},"screenshot-9.png":{"filename":"screenshot-9.png","revision":3375862,"resolution":"9","location":"assets","locale":""}},"screenshots":{"1":"Plugins screen before activation (plugin listed, not yet active).","2":"Welcome modal after activation offering the guided tutorial (overlay starts).","3":"Tutorial step: open Settings from the Audit menu (overlay with arrow).","4":"Tutorial step: Settings &gt; API Credentials \u2013 Username field (overlay with arrow).","5":"Tutorial step: Settings &gt; API Credentials \u2013 API Key field (overlay with arrow).","6":"Tutorial step: New Scan \u2013 menu entry highlight (overlay with arrow).","7":"Tutorial step: Step 1 \u2013 choose scan type (Plugin\/Theme) (overlay with arrow).","8":"Tutorial step: Scan history \u2013 menu entry highlight (overlay with arrow).","9":"Tutorial step: Scan history \u2013 overview (no scans yet) (overlay with arrow).","10":"New Scan \u2013 Step 1: Type selector (form view).","11":"New Scan \u2013 Step 2: Select the item to scan (plugin chosen).","12":"New Scan \u2013 Step 3: Overview with selected plugin and Start Scan.","13":"New Scan \u2013 Step 4: Scanning in progress with progress bar.","14":"New Scan \u2013 Step 5: Scan complete with View Scan button.","15":"Scan details \u2013 
File list with Optimization\/Warning\/Critical\/AI Status columns.","16":"File details \u2013 AI analysis results with findings, risk, and recommendations.","17":"Scan history \u2013 Completed scan row with counts and status.","18":"New Scan \u2013 Consent warning shown when remote analysis is disabled."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[8533,231338,247,6464,600],"plugin_category":[54],"plugin_contributors":[248980],"plugin_business_model":[],"class_list":["post-252919","plugin","type-plugin","status-publish","hentry","plugin_tags-audit","plugin_tags-code-analysis","plugin_tags-performance","plugin_tags-scanner","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-sajjetti","plugin_committers-sajjetti"],"banners":{"banner":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/banner-772x250.png?rev=3375862","banner_2x":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/banner-1544x500.png?rev=3375862","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/icon-128x128.png?rev=3375862","icon_2x":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/icon-256x256.png?rev=3375862","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-1.png?rev=3375862","caption":"Plugins screen before activation (plugin listed, not yet active)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-2.png?rev=3375862","caption":"Welcome modal after activation offering the guided tutorial (overlay starts)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-3.png?rev=3375862","caption":"Tutorial step: open Settings from the Audit menu (overlay with arrow)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-4.png?rev=3375862","caption":"Tutorial step: Settings &gt; API Credentials \u2013 Username field (overlay with 
arrow)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-5.png?rev=3375862","caption":"Tutorial step: Settings &gt; API Credentials \u2013 API Key field (overlay with arrow)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-6.png?rev=3375862","caption":"Tutorial step: New Scan \u2013 menu entry highlight (overlay with arrow)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-7.png?rev=3375862","caption":"Tutorial step: Step 1 \u2013 choose scan type (Plugin\/Theme) (overlay with arrow)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-8.png?rev=3375862","caption":"Tutorial step: Scan history \u2013 menu entry highlight (overlay with arrow)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-9.png?rev=3375862","caption":"Tutorial step: Scan history \u2013 overview (no scans yet) (overlay with arrow)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-10.png?rev=3375862","caption":"New Scan \u2013 Step 1: Type selector (form view)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-11.png?rev=3375862","caption":"New Scan \u2013 Step 2: Select the item to scan (plugin chosen)."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-12.png?rev=3375862","caption":"New Scan \u2013 Step 3: Overview with selected plugin and Start Scan."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-13.png?rev=3375862","caption":"New Scan \u2013 Step 4: Scanning in progress with progress bar."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-14.png?rev=3375862","caption":"New Scan \u2013 Step 5: Scan complete with View Scan button."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-15.png?rev=3375862","caption":"Scan details \u2013 File list with Optimization\/Warning\/Critical\/AI Status columns."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-16.png?rev=3375862","caption":"File details \u2013 AI analysis results 
with findings, risk, and recommendations."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-17.png?rev=3375862","caption":"Scan history \u2013 Completed scan row with counts and status."},{"src":"https:\/\/ps.w.org\/sajjetti-audit\/assets\/screenshot-18.png?rev=3375862","caption":"New Scan \u2013 Consent warning shown when remote analysis is disabled."}],"raw_content":"<!--section=description-->\n<p>Sajjetti \u2013 AI Audit is a security-first code scanner for WordPress plugins and themes.<br \/>\nIt performs static analysis of PHP, HTML, CSS, and JS files to detect vulnerabilities, \nperformance issues, and coding standard problems before they become real risks.<\/p>\n\n<p><strong>Privacy by design<\/strong><\/p>\n\n<ul>\n<li>Nothing runs automatically; all scans are triggered manually by the site owner.<\/li>\n<li>Files are analyzed statically \u2014 never executed.<\/li>\n<li>Remote analysis is disabled by default. No code leaves your site until you explicitly enable \u201cAllow remote analysis\u201d in Settings.<\/li>\n<li>When enabled, selected file contents are sent securely over HTTPS to the Sajjetti API. Analysis data is temporary and discarded after results are returned.<\/li>\n<li>Complies with WordPress.org privacy and consent guidelines.<\/li>\n<\/ul>\n\n<p><strong>What it helps you find<\/strong><\/p>\n\n<ul>\n<li>Security: unescaped output, missing nonces and capability checks, unsafe file operations, risky SQL patterns, and other common vulnerabilities.<\/li>\n<li>Performance: expensive loops, heavy queries, oversized assets, and inefficient patterns that slow down page loads.<\/li>\n<li>Code quality and compatibility: deprecated APIs, version-specific pitfalls, and conflicts with WordPress coding standards.<\/li>\n<\/ul>\n\n<p><strong>Optional AI assistance<\/strong>\nWhen remote analysis is enabled, the Sajjetti API provides AI-powered suggestions with context-specific recommendations.<br \/>\nResults are presented with file-by-file drill-down, risk levels, and actionable insights. 
Human review is always recommended before making changes.<\/p>\n\n<h3>Key Features<\/h3>\n\n<ul>\n<li>Detects vulnerabilities, warnings, and performance issues<\/li>\n<li>Provides optional AI-assisted analysis with actionable suggestions<\/li>\n<li>Offers file-by-file drill-down and detailed reports<\/li>\n<li>Built with a security-first design, including VIP-compliant validation and sanitization<\/li>\n<\/ul>\n\n<h3>Security Considerations<\/h3>\n\n<ul>\n<li>All scans are user-initiated; nothing runs automatically.<\/li>\n<li>File contents are analyzed statically (never executed).<\/li>\n<li>REST endpoints require capability checks and nonces.<\/li>\n<li>All external requests use HTTPS with nonce and referer validation.<\/li>\n<li>Uninstall removes plugin data (options and tables) cleanly.<\/li>\n<li>All user-facing strings are escaped and translatable.<\/li>\n<\/ul>\n\n<h3>Pricing and API Access<\/h3>\n\n<p>The plugin includes a small allowance of free scans.<br \/>\nAdditional scans require an API key, available through a paid subscription.<\/p>\n\n<h3>Privacy<\/h3>\n\n<p>When you initiate a scan with remote analysis enabled, this plugin may transmit selected file contents (Base64-encoded PHP, HTML, CSS, and JS), limited file metadata (filename, relative path, size, cryptographic hash such as SHA-256), your site IP address and URL (for license validation), and your Sajjetti API username to the Sajjetti API for static analysis. No WordPress user account data, passwords, or database content is transmitted or stored. Temporary analysis data is deleted after results are returned. For details, see the included privacy.md file.<\/p>\n\n<p>Remote analysis is disabled by default. 
Scans cannot start until the site owner explicitly enables Allow remote analysis in Settings.<\/p>\n\n<h3>External services<\/h3>\n\n<p>This plugin connects to the Sajjetti Hub API (https:\/\/sajjetti.ai) to validate license status,\nmanage usage limits, upload code snippets for analysis, and fetch audit results.<\/p>\n\n<p>Data sent:<\/p>\n\n<ul>\n<li>License key and username when validating or checking usage.<\/li>\n<li>Website URL and IP address when validating usage.<\/li>\n<li>Selected PHP\/JS\/CSS source files when submitting for auditing.<\/li>\n<\/ul>\n\n<p>Data returned:<\/p>\n\n<ul>\n<li>License type and remaining file quota.<\/li>\n<li>Audit results (security, performance, and code quality insights).<\/li>\n<\/ul>\n\n<p><strong>Legal &amp; Privacy:<\/strong><\/p>\n\n<ul>\n<li>Terms of Service: https:\/\/sajjetti.ai\/terms-of-service\/<\/li>\n<li>Privacy Policy: https:\/\/sajjetti.ai\/privacy-policy\/<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to \/wp-content\/plugins\/ or install via Plugins &gt; Add New.<\/li>\n<li>Activate the plugin via the WordPress Plugins menu.<\/li>\n<li>Go to Audit &gt; New Scan to trigger your first scan.<\/li>\n<li>(Optional) Enter your Sajjetti API key under Settings for additional scans.<\/li>\n<li>Enable Allow remote analysis in Settings &gt; API Credentials to send code for analysis.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='what%20information%20is%20sent%20to%20the%20sajjetti%20api%3F'><h3>What information is sent to the Sajjetti API?<\/h3><\/dt>\n<dd><p>When you start a scan with remote analysis enabled, the following data is transmitted:<\/p>\n\n<ul>\n<li>Selected file contents (Base64-encoded PHP, HTML, CSS, and JS)<\/li>\n<li>Your website IP address and URL (for API license validation)<\/li>\n<li>Your Sajjetti API username (account identifier, not your WordPress username)<\/li>\n<li>File metadata: filename, file type, file size, and internal scan identifiers<\/li>\n<\/ul>\n\n<p>No WordPress user account data, passwords, or database content is transmitted.<\/p><\/dd>\n<dt 
id='when%20does%20this%20plugin%20send%20data%20to%20external%20servers%3F'><h3>When does this plugin send data to external servers?<\/h3><\/dt>\n<dd><p>Only when you start a scan and have enabled Allow remote analysis in Settings &gt; API Credentials. If remote analysis is disabled, nothing is sent.<\/p><\/dd>\n<dt id='what%20happens%20if%20the%20sajjetti%20api%20is%20unavailable%3F'><h3>What happens if the Sajjetti API is unavailable?<\/h3><\/dt>\n<dd><p>Remote analysis scans will not run and no files will be sent. You will see an error in the admin UI and can retry later. Your settings and scan history remain intact.<\/p><\/dd>\n<dt id='does%20this%20plugin%20automatically%20upload%20files%3F'><h3>Does this plugin automatically upload files?<\/h3><\/dt>\n<dd><p>No. All scans are user-triggered. Nothing is sent unless you manually start a scan with remote analysis enabled.<\/p><\/dd>\n<dt id='are%20my%20files%20executed%20on%20your%20servers%3F'><h3>Are my files executed on your servers?<\/h3><\/dt>\n<dd><p>No. Analysis is static only. Files are never executed, only analyzed for patterns and potential issues.<\/p><\/dd>\n<dt id='do%20you%20store%20my%20files%20or%20data%3F'><h3>Do you store my files or data?<\/h3><\/dt>\n<dd><p>No. Transmitted data is used only for analysis and is deleted after results are returned.<\/p><\/dd>\n<dt id='why%20do%20you%20need%20my%20site%20ip%20address%20and%20url%3F'><h3>Why do you need my site IP address and URL?<\/h3><\/dt>\n<dd><p>They are used to validate that your API license is authorized for your website. 
This helps prevent unauthorized use of API credentials.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Static code analysis for PHP, HTML, CSS, and JS files<\/li>\n<li>Security, performance, and code quality detection (with optional AI assistance)<\/li>\n<li>Secure API integration with license validation<\/li>\n<li>File-by-file detailed reporting with actionable recommendations<\/li>\n<\/ul>","raw_excerpt":"AI-assisted theme and plugin scanner for security, performance, and best practices. Provides clear, actionable insights.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/252919","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=252919"}],"author":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/sajjetti"}],"wp:attachment":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=252919"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=252919"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=252919"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=252919"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=252919"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=252919"}],"curi
es":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}