Wordtune Ai Paraphrasing

Name: Security Analysis: Wordtune Ai Paraphrasing
Item: Wordtune Ai Paraphrasing
Rating: 5
Author: ChromeBoard

✨ AI-Powered 🔍 Security Report Available

👥 1M+ users

📦 v9.19.0

💾 3.59MiB

📅 2025-08-12

View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Elevate your writing with Wordtune’s GenAI tools for better communication.

With Wordtune, your AI writing companion, you can easily paraphrase, rewrite, generate text, correct grammar, and more—all for free.

🔑 Key features:

📝 Paraphrase: Reshape your sentences into clear, engaging alternatives that better match your tone, context, and audience, all while keeping your meaning intact.

✅ Perfect Grammar: Experience flawless grammar and spelling in every rewrite, ensuring your text is perfectly edited before hitting “send”.

💻 Works where you write: Seamlessly integrated into your Chrome browser, allowing you to write, rewrite, and generate content directly on your favorite websites: no need to switch tabs.

➡️ Generate Text: Easily create content within any website you’re writing on. Text that understands your context and fits your tone and style.

🎓Minimize Plagiarism: Generate original content and paraphrase existing text to ensure unique, non-plagiarized writing.

🤖 AI Detection Resistant: Wordtune helps humanize your writing, reducing the likelihood of being flagged by AI detection tools.

🌐 Translate: Eliminate language barriers and deliver perfectly worded translations of your native language to English.

🖊️ Custom Writing Tones: Take your writing from a casual tone to something more formal with the click of a button—and vice versa.

Write authentically and paraphrase with ease, anywhere and anytime—whether on desktop or with our mobile app. Choose between a free plan or unlock premium features to elevate your writing experience.

Join millions of writers worldwide and install Wordtune on Chrome today.

🔒 Privacy and data protection
Your data is secure with Wordtune. We anonymize all user inputs, ensuring no data is linked to any specific account or individual. Personal information, including names, email addresses, and physical addresses, is automatically removed to protect your privacy.

📄Terms and conditions
By installing the extension, you agree to and acknowledge:
Privacy Policy: https://www.wordtune.com/privacy-policy
Terms of Use: https://www.wordtune.com/terms-of-use

Privacy Practices

✓ Not being sold to third parties, outside of the approved use cases

✓ Not being used or transferred for purposes that are unrelated to the item's core functionality

✓ Not being used or transferred to determine creditworthiness or for lending purposes

v9.19.0 Info Scanned Mar 11, 2026

Security Analysis — Wordtune Ai Paraphrasing

Analyzed v9.19.0 · Mar 11, 2026 · 105 JS files · 8985 KB scanned

Permissions

Code Patterns Detected

External Connections

www.w3.org www.apache.org github.com api.wordtune.com app.wordtune.com go.apollo.dev lodash.com npms.io docs.apollostack.com api.stigg.io wordtune-productionba9aa0eb.firebaseio.com chromium-extension.wordtune.com +8 more

Package Contents 143 files · 10.4MB

▾📁_locales

▾📁ar

{}messages.json3B

▾📁de

{}messages.json3B

▾📁en

{}messages.json3B

▾📁es

{}messages.json3B

▾📁fr

{}messages.json3B

▾📁it

{}messages.json3B

▾📁nl

{}messages.json3B

▾📁pt_BR

{}messages.json3B

▾📁pt_PT

{}messages.json3B

▾📁_metadata21KB

{}verified_contents.json21KB

▾📁assets453KB

🔤GeneralSans-Bold-Ctx684HN.woff221KB

🔤GeneralSans-BoldItalic-CPXXYtWC.woff222KB

🔤GeneralSans-Extralight-CeoahQd2.woff220KB

🔤GeneralSans-ExtralightItalic-S_cjHVs3.woff221KB

🔤GeneralSans-Italic-B5PwseXg.woff223KB

🔤GeneralSans-Light-ulp9itO8.woff223KB

🔤GeneralSans-LightItalic-DkwLWVcP.woff223KB

🔤GeneralSans-Medium-DvEF04Ne.woff222KB

🔤GeneralSans-MediumItalic-KKwIU56p.woff223KB

🔤GeneralSans-Regular-BeAhF2WT.woff223KB

🔤GeneralSans-Semibold-DFLbTJgb.woff223KB

🔤GeneralSans-SemiboldItalic-C5XnX2aR.woff224KB

🔤GeneralSans-Variable-p1VyP7gg.woff237KB

🔤GeneralSans-VariableItalic-DIM2rvVg.woff240KB

🎨client-BbOqT5mw.css108KB

▾📁chunks2.2MB

📜ColoredAccessLarge-DJXffg2u.js4KB

📜ColoredAccessMedium-DQknkEYH.js4KB

📜ColoredAccessSmall-Dxk00-_y.js3KB

📜ColoredAccessTiny-CK8C8Oo6.js4KB

📜ColoredAccountLarge-BQLSOgvX.js4KB

📜ColoredAccountMedium-DJWKCd7t.js3KB

📜ColoredAccountSmall-CvtxgQ45.js3KB

📜ColoredAccountTiny-viO9EC8R.js3KB

📜ColoredAchievementLarge-P8c3qNlv.js5KB

📜ColoredAchievementMedium-BcKDD8fz.js5KB

📜ColoredAchievementSmall-DU8a62bN.js5KB

📜ColoredAchievementTiny-tsIcpkSO.js5KB

📜ColoredCreateLarge-BGIrKBQ6.js4KB

📜ColoredCreateMedium-MA1UPoEv.js3KB

📜ColoredCreateSmall-DKcZlly-.js3KB

📜ColoredCreateTiny-M0G_F5Nu.js3KB

📜ColoredEmptyStateLarge-DySmIH5U.js7KB

📜ColoredEmptyStateMedium-DC7LDwu4.js7KB

📜ColoredEmptyStateSmall-Csq4_WZb.js7KB

📜ColoredEmptyStateTiny-BiaRq2eW.js7KB

📜ColoredGeneralErrorLarge-zCt4ng-g.js9KB

📜ColoredGeneralErrorMedium-DzX_wprV.js9KB

📜ColoredGeneralErrorSmall-COJPkpaE.js9KB

📜ColoredGeneralErrorTiny-BML2y5z6.js8KB

📜ColoredInvalidTextLarge-D1VNhRxI.js2KB

📜ColoredInvalidTextMedium-90W1Ja0c.js2KB

📜ColoredInvalidTextSmall-B5GYNtfL.js2KB

📜ColoredInvalidTextTiny-AZ57KaiG.js2KB

📜ColoredKeyboardLarge-Dq1DS6Xe.js7KB

📜ColoredKeyboardMedium-CmOFXanj.js7KB

📜ColoredKeyboardSmall-o75CKeUG.js7KB

📜ColoredKeyboardTiny-DNRHNp23.js7KB

📜ColoredLinkSummaryLarge-C6ztapY0.js8KB

📜ColoredLinkSummaryMedium-D3qVOj3e.js7KB

📜ColoredLinkSummarySmall-DOm1wV1e.js7KB

📜ColoredLinkSummaryTiny-6mzAmp_q.js7KB

📜ColoredLoginLarge-D77CKi2U.js2KB

📜ColoredLoginMedium-BKI0mIpX.js2KB

📜ColoredLoginSmall-A0g7cHTA.js2KB

📜ColoredLoginTiny-VS0uFfzp.js2KB

📜ColoredMajorErrorLarge-vCoSDzGx.js3KB

📜ColoredMajorErrorMedium-DJLis0OG.js3KB

📜ColoredMajorErrorSmall-DlnaXkfv.js3KB

📜ColoredMajorErrorTiny-5cp4IpAU.js2KB

📜ColoredPremiumLarge-DhtVKzRV.js4KB

📜ColoredPremiumMedium-C8q16sLL.js4KB

📜ColoredPremiumSmall-CDY8wsul.js4KB

📜ColoredPremiumTiny-C-jM7PLh.js4KB

📜ColoredPrivacyLarge-BzOzuWZh.js3KB

📜ColoredPrivacyMedium-VvlC8YAr.js3KB

📜ColoredPrivacySmall-Fm0-e7n3.js3KB

📜ColoredPrivacyTiny-D_2WsHhU.js3KB

📜ColoredProofreadLarge-DjKq10Op.js4KB

📜ColoredProofreadMedium-DgZrGIc5.js4KB

📜ColoredProofreadSmall-CpQnG3TT.js4KB

📜ColoredProofreadTiny-DoOQeRKh.js4KB

📜ColoredReplyEmailsLarge-CrFt8UnF.js5KB

📜ColoredReplyEmailsMedium-StN_Li4S.js5KB

📜ColoredReplyEmailsSmall-CiNM6NUm.js5KB

📜ColoredReplyEmailsTiny-41fBGej4.js5KB

📜ColoredSignupLarge-DXHdAPNT.js7KB

📜ColoredSignupMedium-VTmNrtAF.js7KB

📜ColoredSignupSmall-Ck5VtllK.js7KB

📜ColoredSignupTiny-smO-Gerr.js7KB

📜ColoredSuccessLarge-DTZsyLND.js3KB

📜ColoredSuccessMedium-BfH__tOQ.js3KB

📜ColoredSuccessSmall-D4y1jl_r.js3KB

📜ColoredSuccessTiny-00GBMs1V.js3KB

📜ColoredTextFieldLarge-CW_e663Z.js3KB

📜ColoredTextFieldMedium-B9eVAz86.js3KB

📜ColoredTextFieldSmall-DXwU0rUY.js3KB

📜ColoredTextFieldTiny-DZc-86K4.js3KB

📜ColoredTextSuccessLarge-Ke8QCLUn.js3KB

📜ColoredTextSuccessMedium-1pE2xuc2.js3KB

📜ColoredTextSuccessSmall-DpOtM78h.js3KB

📜ColoredTextSuccessTiny-P-_I3bAn.js3KB

📜ColoredUnlockPremiumLarge-C4Qd8X8f.js3KB

📜ColoredUnlockPremiumMedium-B9ocUuj7.js3KB

📜ColoredUnlockPremiumSmall-D2EID99G.js2KB

📜ColoredUnlockPremiumTiny-BC8jAq1V.js2KB

📜ColoredUpgradedSuccessLarge-BkKlcqKQ.js8KB

📜ColoredUpgradedSuccessMedium-COwMPli2.js8KB

📜ColoredUpgradedSuccessSmall-CeRIbSv9.js8KB

📜ColoredUpgradedSuccessTiny-Ch1es9_K.js8KB

📜ColoredUploadFilesLarge-C7h9GZ5N.js4KB

📜ColoredUploadFilesMedium-Blh5zy0Q.js4KB

📜ColoredUploadFilesSmall-BFTS41UR.js4KB

📜ColoredUploadFilesTiny-D_Ti9wue.js4KB

📜ColoredWelcomeLarge-CQgwjvnZ.js5KB

📜ColoredWelcomeMedium-C10C-0-J.js5KB

📜ColoredWelcomeSmall-Vmig-DIQ.js5KB

📜ColoredWelcomeTiny-BFqFFOo8.js5KB

📜ColoredWriteWhereverLarge-C9CwfSB2.js10KB

📜ColoredWriteWhereverMedium-DRYdjwCq.js10KB

📜ColoredWriteWhereverSmall-BMZOYJ7x.js10KB

📜ColoredWriteWhereverTiny-_lBPRpvI.js10KB

📜client-N8pCKoNr.js1.3MBlarge

📜popup-JFhk5GhQ.js19KB

📜sidepanel-Bk9B3E05.js484KBlarge

▾📁content-scripts6.4MB

📜browserDetector.js15KB

🎨content.css568KB

📜content.js2.7MBlarge

📜enableCanvasAnnotations.js597B

🎨read.css568KB

📜read.js2.6MBlarge

📜wordtuneExtensionInstalled.js555B

▾📁icon26KB

🖼128-stg.png6KB

🖼128.png7KB

🖼16-stg.png1KB

🖼16.png1KB

🖼32-stg.png3KB

🖼32.png3KB

🖼48-stg.png2KB

🖼48.png2KB

📜background.js1.3MBlarge

{}manifest.json2KB

🌐popup.html535B

🌐sidepanel.html596B

What This Extension Does

Wordtune Ai Paraphrasing is a productivity tool designed to assist users in rewriting, translating, and correcting text directly within their browser. It leverages Generative AI to help writers improve grammar, adjust tone, and reduce plagiarism across various websites. While the extension claims to anonymize data, its broad permissions allow it to access content on all websites, which presents a significant privacy risk if the developer's security practices are not robust.

Permissions Explained

*://*/*expected: This permission allows the extension to read and modify text on every single website you visit. It is necessary for the tool to rewrite your text in real-time, but it means the developer can technically see everything you type or view.
Technical: Grants access to the DOM and storage of all origins via chrome.scripting APIs. This creates a massive attack surface; if the extension is compromised, an attacker could harvest credentials from banking sites or read private messages on social media. ⚠ The scope is extremely broad. While necessary for functionality, it requires trusting the developer with all your browsing data.
cookiescheck this: Allows the extension to read and set cookies on websites you visit. This helps it remember your settings or session state while rewriting text.
Technical: Accesses httpOnly, secure, and sameSite cookies via chrome.cookies API. Can be used to track user sessions across sites if not strictly limited to the Wordtune domain. ⚠ Reading third-party cookies on all sites is generally unnecessary for a text editor and increases tracking potential.
clipboardReadexpected: Enables the extension to read your clipboard contents. This is needed so you can paste text into Wordtune or have it automatically copy rewritten text back to your clipboard.
Technical: Accesses chrome.clipboard.read API. Can capture sensitive data like passwords if a user accidentally copies them, though modern browsers often restrict this contextually. ⚠ Low risk if managed by the browser's clipboard API restrictions, but still grants access to system-wide copy history.
storageexpected: Allows the extension to save your preferences, rewrite history, and cached AI models locally in your browser.
Technical: Uses chrome.storage.sync and chrome.storage.local. Data persists across sessions and can be synced if enabled. Vulnerable to local storage extraction attacks if the extension is hijacked. ⚠ Standard for extensions with user settings; risk depends on what data is stored.
scriptingexpected: Permits the extension to inject scripts into web pages to perform text manipulation and UI modifications.
Technical: Enables chrome.scripting.executeScript. Essential for DOM manipulation but allows execution of arbitrary code within the context of every visited page. ⚠ Inherently risky due to broad host permissions; requires strict CSP (Content Security Policy) enforcement.
tabsexpected: Allows the extension to see which tabs are open and interact with them.
Technical: Accesses chrome.tabs API. Used to detect active writing sessions and inject content scripts into specific tabs. ⚠ Minimal risk; standard for extensions that need to know where to inject their UI.
sidePanelexpected: Enables the extension to open a sidebar panel when you click its icon.
Technical: Accesses chrome.sidePanel API. Allows rendering custom HTML/CSS/JS in a popup context. ⚠ Low risk; limited to the popup window scope.

Your Data

The extension sends your rewritten text and potentially page content to Wordtune's servers (api.wordtune.com) for AI processing. It also communicates with Firebase, billing services (Stigg), and various CDN/CDN-like domains (lodash, npms). While the developer claims data anonymization, the broad permissions mean they have access to your raw input before it is processed.

Technical Details

Outbound connections observed: api.wordtune.com, app.wordtune.com, wordtune-productionba9aa0eb.firebaseio.com, api.stigg.io. Protocols: HTTPS (implied by domain structure and standard practice). Data types exposed: Full page DOM content, user keystrokes, clipboard history, cookies, and local storage data. Encryption: TLS 1.2+ expected on public endpoints.

Code Findings

Broad Host Permissions Enable Universal MonitoringHigh

Because the extension works on 'all websites', it has the potential to see everything you do online, from your emails to your banking details. If this tool were hacked, attackers could steal sensitive information from any site you visit.

Technical: Manifest V3 permission '*://*/*' combined with chrome.scripting.executeScript allows injection into any origin. This bypasses same-origin policy protections for the extension's own code. An attacker with access to the extension package (e.g., via a supply chain compromise) could exfiltrate data from high-value targets like Google Docs or GitHub.

💡 Required for 'inline' editing tools that must function within the context of any third-party site without prior user interaction on that specific page.

Potential Hardcoded Secret or API Key LeakageMedium

There is a possibility that the extension contains hardcoded API keys or secrets used to connect to Wordtune's servers. If these are exposed in the source code, they could be stolen and misused by attackers.

Technical: Analysis flagged '[medium] Potential hardcoded secret'. This often occurs when developers use environment variables incorrectly or commit build artifacts containing keys. If present, this would allow unauthorized access to Wordtune's AI services or bypass billing limits.

💡 None; secrets should never be hardcoded in client-side extensions.

Cross-Origin Communication via postMessageInfo

The extension uses a standard messaging system to talk between different parts of itself (like the popup and the page). This is normal but requires careful handling to prevent data leaks.

Technical: Uses chrome.runtime.sendMessage or window.postMessage. If validation logic is weak, an attacker could inject malicious messages into the extension's context to steal tokens or trigger actions.

💡 Essential for architecture separating content scripts from background workers and UI panels.

Firebase Integration for Analytics/BackendLow

The extension connects to Firebase, which is commonly used for backend logic and analytics. This means your usage data might be aggregated and stored in Google's infrastructure.

Technical: Connection to 'wordtune-productionba9aa0eb.firebaseio.com'. Firebase Realtime Database or Firestore is likely used for syncing user preferences or storing temporary state. Data transmission depends on client-side SDK configuration.

💡 Standard practice for rapid development and backend hosting; widely adopted by startups.

Bottom Line

Wordtune Ai Paraphrasing is a legitimate productivity tool that solves a clear problem for writers, but it carries inherent risks due to its broad permissions. The extension requires trust in Wordtune's security practices because it has the technical ability to read all your browsing data. Users should only install this if they are comfortable with the developer's privacy policy and understand that 'all websites' access is a necessary evil for this type of tool.