BSK PDF Manager Security & Risk Analysis

wordpress.org/plugins/bsk-pdf-manager

Manage your PDFs / documents by category; they can be displayed in a list, columns and dropdown. Easy to embed PDF content into a post / page.

7K active installs · v3.7.2 · PHP + · WP 5.3+ · Updated Nov 30, 2025
Tags: data-sheets-tool, embed-pdf, meeting-minutes-tool, pdf-manager, printable-forms-tool
Score: 57 · C · Use Caution
CVEs total: 7
Unpatched: 1
Last CVE: Feb 22, 2026

Safety Verdict

Is BSK PDF Manager Safe to Use in 2026?

Use With Caution

Score 57/100

BSK PDF Manager has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

7 known CVEs · 1 unpatched · Last CVE: Feb 22, 2026 · Updated 5mo ago

Risk Assessment

The BSK PDF Manager plugin version 3.7.2 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for a high percentage of SQL queries and implementing nonce checks and capability checks on a significant portion of its entry points, there are areas of concern. The presence of the `unserialize` function, even if not immediately apparent in critical taint flows, poses a potential risk if user-controlled data can influence its input. The taint analysis reveals several flows with unsanitized paths and a few high-severity issues, indicating potential for exploitation if these paths are reachable by untrusted input.

The vulnerability history is a significant concern. The plugin has a history of 6 known CVEs, including one critical and one high severity. While there are currently no unpatched vulnerabilities, the historical pattern of Cross-site Scripting and SQL Injection vulnerabilities suggests a recurring weakness in input validation and output escaping, despite the reported high percentage of properly escaped outputs in the static analysis. The last known vulnerability was very recent, which suggests ongoing security challenges.

In conclusion, BSK PDF Manager version 3.7.2 has some strengths in its implementation of common security controls. However, the historical vulnerability record, coupled with the findings from taint analysis regarding unsanitized paths and high-severity flows, warrants caution. Developers should thoroughly review the identified taint flows and ensure robust input sanitization and output escaping for all user-influenced data, particularly around the `unserialize` function.

Key Concerns

  • High severity taint flows found
  • Unsanitized paths found in taint flows
  • Presence of 'unserialize' function
  • Historical critical severity CVE
  • Historical high severity CVE
  • Historical medium severity CVEs (4)
  • Common vulnerability types: XSS & SQLi
Vulnerabilities
7 published

BSK PDF Manager Security Vulnerabilities

CVEs by Year

  • 2014: 2 CVEs
  • 2021: 1 CVE
  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE
  • 2026: 1 CVE · unpatched

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 5

7 total CVEs

CVE-2026-39686 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor
BSK PDF Manager <= 3.7.2 - Unauthenticated Information Exposure
Feb 22, 2026 · Unpatched

CVE-2025-4970 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload
Dec 11, 2025 · Patched in 3.7.2 (1d)

CVE-2024-38767 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
BSK PDF Manager <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Jul 15, 2024 · Patched in 3.6.1 (19d)

CVE-2023-5110 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
BSK PDF Manager <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Oct 23, 2023 · Patched in 3.4.2 (92d)

CVE-2021-24860 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
BSK PDF Manager <= 3.1.1 - Admin+ SQL Injection
Nov 1, 2021 · Patched in 3.1.2 (813d)

CVE-2014-4944 · critical · 9.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
BSK PDF Manager <= 1.4 - Authenticated SQL Injection
Aug 1, 2014 · Patched in 1.5 (3462d)

WF-667d964a-dba6-424a-b3f5-af433616c132-bsk-pdf-manager · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
BSK PDF Manager 1.3 - 2.9 - Authenticated Stored Cross-Site Scripting
Aug 1, 2014 · Patched in 2.9.1 (3462d)

Code Analysis
Analyzed Mar 16, 2026

BSK PDF Manager Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 6 (151 prepared)
Unescaped Output: 364 (904 escaped)
Nonce Checks: 34
Capability Checks: 16
File Operations: 14
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$notify_auto_meta = $notification_obj->auto_meta ? unserialize( $notification_obj->auto_meta ) : fal` · classes\dashboard\notification.php:55
unserialize · `$send_to_type_meta = $notification_obj->send_to_type_meta ? unserialize( $notification_obj->send_to_` · classes\dashboard\notification.php:63
unserialize · `$auto_meta = unserialize( $notification->auto_meta );` · classes\dashboard\notifications.php:206
unserialize · `$send_to_meta = unserialize( $notification->send_to_type_meta );` · classes\dashboard\notifications.php:243

SQL Query Safety

96% prepared · 157 total queries

Output Escaping

71% escaped · 1268 total outputs

Data Flows · Security
16 unsanitized

Data Flow Analysis

25 flows · 16 with unsanitized paths
bsk_pdf_manager_pdfs_edit (classes\dashboard\dashboard.php:242)

Attack Surface

BSK PDF Manager Attack Surface

Entry Points: 34
Unprotected: 0

AJAX Handlers 25

auth · wp_ajax_bsk_pdfm_notification_get_users_by_role · classes\dashboard\notification.php:20
auth · wp_ajax_bsk_pdfm_notification_get_user_info · classes\dashboard\notification.php:21
auth · wp_ajax_bsk_pdfm_notification_set_status · classes\dashboard\notification.php:22
auth · wp_ajax_bsk_pdfm_notification_delete · classes\dashboard\notification.php:23
auth · wp_ajax_bsk_pdfm_notification_send · classes\dashboard\notification.php:24
auth · wp_ajax_bsk_pdfm_check_slug · classes\dashboard\pdf.php:16
auth · wp_ajax_bsk_pdfm_tag_validate · classes\dashboard\pdfm-tag.php:9
auth · wp_ajax_bsk_pdfm_cap_settings_get_custom_role_capabilities · classes\dashboard\settings\settings-capabilities.php:12
auth · wp_ajax_bsk_pdfm_cap_settings_role_special_capability · classes\dashboard\settings\settings-capabilities.php:13
auth · wp_ajax_bsk_pdfm_enable_available_categories_for_users · classes\dashboard\settings\settings-capabilities.php:15
auth · wp_ajax_bsk_pdfm_get_users_by_role · classes\dashboard\settings\settings-capabilities.php:16
auth · wp_ajax_bsk_pdfm_get_user_available_cats_checkboxs · classes\dashboard\settings\settings-capabilities.php:17
auth · wp_ajax_bsk_pdf_manager_settings_get_default_featured_image · classes\dashboard\settings\settings-featured-image.php:12
auth · wp_ajax_pdfs_get_category_dropdown · classes\shortcodes\category\category-dropdown.php:9
nopriv · wp_ajax_pdfs_get_category_dropdown · classes\shortcodes\category\category-dropdown.php:10
auth · wp_ajax_pdfs_get_category_ul · classes\shortcodes\category\category-ul-ol.php:10
nopriv · wp_ajax_pdfs_get_category_ul · classes\shortcodes\category\category-ul-ol.php:11
auth · wp_ajax_pdfs_get_category_ol · classes\shortcodes\category\category-ul-ol.php:12
nopriv · wp_ajax_pdfs_get_category_ol · classes\shortcodes\category\category-ul-ol.php:13
auth · wp_ajax_pdfs_get_pdfs_dropdown · classes\shortcodes\pdfs\pdfs-dropdown.php:9
nopriv · wp_ajax_pdfs_get_pdfs_dropdown · classes\shortcodes\pdfs\pdfs-dropdown.php:10
auth · wp_ajax_pdfs_get_pdfs_ul · classes\shortcodes\pdfs\pdfs-ul-ol.php:10
nopriv · wp_ajax_pdfs_get_pdfs_ul · classes\shortcodes\pdfs\pdfs-ul-ol.php:11
auth · wp_ajax_pdfs_get_pdfs_ol · classes\shortcodes\pdfs\pdfs-ul-ol.php:12
nopriv · wp_ajax_pdfs_get_pdfs_ol · classes\shortcodes\pdfs\pdfs-ul-ol.php:13

Shortcodes 9

[bsk-pdfm-category-columns] classes\shortcodes\category\category-columns.php:6
[bsk-pdfm-category-dropdown] classes\shortcodes\category\category-dropdown.php:6
[bsk-pdfm-category-ul] classes\shortcodes\category\category-ul-ol.php:6
[bsk-pdfm-category-ol] classes\shortcodes\category\category-ul-ol.php:7
[bsk-pdfm-pdfs-embed] classes\shortcodes\embed\pdfs-embed.php:6
[bsk-pdfm-pdfs-columns] classes\shortcodes\pdfs\pdfs-columns.php:6
[bsk-pdfm-pdfs-dropdown] classes\shortcodes\pdfs\pdfs-dropdown.php:6
[bsk-pdfm-pdfs-ul] classes\shortcodes\pdfs\pdfs-ul-ol.php:6
[bsk-pdfm-pdfs-ol] classes\shortcodes\pdfs\pdfs-ul-ol.php:7

WordPress Hooks 32

action · admin_notices · bsk-pdf-manager.php:108
action · admin_enqueue_scripts · bsk-pdf-manager.php:109
action · wp_enqueue_scripts · bsk-pdf-manager.php:110
action · widgets_init · bsk-pdf-manager.php:138
action · init · bsk-pdf-manager.php:140
action · plugins_loaded · bsk-pdf-manager.php:144
action · plugins_loaded · bsk-pdf-manager.php:145
action · plugins_loaded · bsk-pdf-manager.php:146
action · init · bsk-pdf-manager.php:147
action · bsk_pdf_manager_category_save · classes\dashboard\category.php:8
action · admin_menu · classes\dashboard\dashboard.php:142
filter · screen_settings · classes\dashboard\dashboard.php:144
filter · set-screen-option · classes\dashboard\dashboard.php:145
action · wp_print_scripts · classes\dashboard\dashboard.php:147
action · admin_notices · classes\dashboard\dashboard.php:517
action · bsk_pdf_manager_notification_save · classes\dashboard\notification.php:18
action · admin_notices · classes\dashboard\pdf.php:13
action · bsk_pdf_manager_pdf_save · classes\dashboard\pdf.php:14
action · bsk_pdf_manager_bulk_delete · classes\dashboard\pdf.php:15
action · admin_init · classes\dashboard\pdf.php:21
action · bsk_pdf_manager_tag_save · classes\dashboard\pdfm-tag.php:10
action · admin_notices · classes\dashboard\promote.php:36
action · bsk_pdfm_free_schedule_check_promote_daily · classes\dashboard\promote.php:41
action · bsk_pdf_manager_embedded_viewer_settings_save · classes\dashboard\settings\settings-embeded-viewer.php:11
action · bsk_pdf_manager_register_image_sizes_save · classes\dashboard\settings\settings-featured-image.php:11
action · bsk_pdf_manager_general_settings_save · classes\dashboard\settings\settings-general.php:12
action · bsk_pdf_manager_permalink_settings_save · classes\dashboard\settings\settings-permalinks.php:13
action · bsk_pdf_manager_styles_settings_save · classes\dashboard\settings\settings-styles.php:12
action · init · classes\permalink-access\permalink-access.php:11
filter · query_vars · classes\permalink-access\permalink-access.php:27
action · parse_request · classes\permalink-access\permalink-access.php:28
action · init · classes\permalink-access\permalink-access.php:29

Scheduled Events 1

bsk_pdfm_free_schedule_check_promote_daily

Maintenance & Trust

BSK PDF Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 30, 2025
PHP min version
Downloads: 432K

Community Trust

Rating: 90/100
Number of ratings: 45
Active installs: 7K

Developer Profile

BSK PDF Manager Developer Profile

bannersky

3 plugins · 8K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 701 days

Detection Fingerprints

How We Detect BSK PDF Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/bsk-pdf-manager/css/bsk-pdf-manager-backend.css
  • /wp-content/plugins/bsk-pdf-manager/css/bsk-pdf-manager-frontend.css
  • /wp-content/plugins/bsk-pdf-manager/js/bsk-pdf-manager-backend.js
  • /wp-content/plugins/bsk-pdf-manager/js/bsk-pdf-manager-frontend.js
  • /wp-content/plugins/bsk-pdf-manager/images/ajax-loader.gif
  • /wp-content/plugins/bsk-pdf-manager/images/default_PDF_icon.png
  • /wp-content/plugins/bsk-pdf-manager/images/delete-2.png
Script Paths
  • /wp-content/plugins/bsk-pdf-manager/js/bsk-pdf-manager-backend.js
  • /wp-content/plugins/bsk-pdf-manager/js/bsk-pdf-manager-frontend.js
Version Parameters
  • bsk-pdf-manager/css/bsk-pdf-manager-backend.css?ver=
  • bsk-pdf-manager/css/bsk-pdf-manager-frontend.css?ver=
  • bsk-pdf-manager/js/bsk-pdf-manager-backend.js?ver=
  • bsk-pdf-manager/js/bsk-pdf-manager-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • bsk-pdf-manager-backend
  • bsk-pdf-manager-frontend
  • bsk_pdfm_dashboard_main
Data Attributes
  • data-bsk-pdf-id
  • data-bsk-pdf-category-id
JS Globals
  • bsk_pdf_manager_ajax_object
Shortcode Output
  • [bsk-pdf-manager]
  • [bsk-pdf-manager-category]
  • [bsk-pdf-manager-categories]