BSK PDF Manager Security & Risk Analysis

wordpress.org/plugins/bsk-pdf-manager

Manage your PDFs / documents by category, can be displayed in list, columns and dropdown. Easy to embed PDF content into a post / page.

7K active installs · v3.7.2 · PHP + WP 5.3+ · Updated Nov 30, 2025
Tags: data-sheets-tool, embed-pdf, meeting-minutes-tool, pdf-manager, printable-forms-tool
Security score: 86 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Dec 11, 2025

Safety Verdict

Is BSK PDF Manager Safe to Use in 2026?

Generally Safe

Score 86/100

BSK PDF Manager has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Dec 11, 2025 · Updated 4mo ago

Risk Assessment

The BSK PDF Manager plugin version 3.7.2 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for a high percentage of SQL queries and implementing nonce checks and capability checks on a significant portion of its entry points, there are areas of concern. The presence of the `unserialize` function, even if not immediately apparent in critical taint flows, poses a potential risk if user-controlled data can influence its input. The taint analysis reveals several flows with unsanitized paths and a few high-severity issues, indicating potential for exploitation if these paths are reachable by untrusted input.

The vulnerability history is a significant concern. The plugin has a history of 6 known CVEs, including one critical and one high severity. While there are currently no unpatched vulnerabilities, the historical pattern of Cross-site Scripting and SQL Injection vulnerabilities suggests a recurring weakness in input validation and output escaping, despite the reported high percentage of properly escaped outputs in the static analysis. The last known vulnerability was very recent, which suggests ongoing security challenges.

In conclusion, BSK PDF Manager version 3.7.2 has some strengths in its implementation of common security controls. However, the historical vulnerability record, coupled with the findings from taint analysis regarding unsanitized paths and high-severity flows, warrants caution. Developers should thoroughly review the identified taint flows and ensure robust input sanitization and output escaping for all user-influenced data, particularly around the `unserialize` function.

Key Concerns

  • High severity taint flows found
  • Unsanitized paths found in taint flows
  • Presence of 'unserialize' function
  • Historical critical severity CVE
  • Historical high severity CVE
  • Historical medium severity CVEs (4)
  • Common vulnerability types: XSS & SQLi

Vulnerabilities: 6

BSK PDF Manager Security Vulnerabilities

CVEs by Year

  • 2014: 2 CVEs
  • 2021: 1 CVE
  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 4

6 total CVEs

CVE-2025-4970 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload

Dec 11, 2025 · Patched in 3.7.2 (1d)

CVE-2024-38767 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BSK PDF Manager <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 15, 2024 · Patched in 3.6.1 (19d)

CVE-2023-5110 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BSK PDF Manager <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 23, 2023 · Patched in 3.4.2 (92d)

CVE-2021-24860 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BSK PDF Manager <= 3.1.1 - Admin+ SQL Injection

Nov 1, 2021 · Patched in 3.1.2 (813d)

CVE-2014-4944 · critical · 9.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BSK PDF Manager <= 1.4 - Authenticated SQL Injection

Aug 1, 2014 · Patched in 1.5 (3462d)

WF-667d964a-dba6-424a-b3f5-af433616c132-bsk-pdf-manager · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BSK PDF Manager 1.3 - 2.9 - Authenticated Stored Cross-Site Scripting

Aug 1, 2014 · Patched in 2.9.1 (3462d)

Code Analysis
Analyzed Mar 16, 2026

BSK PDF Manager Code Analysis

  • Dangerous Functions: 4
  • Raw SQL Queries: 6 (151 prepared)
  • Unescaped Output: 364 (904 escaped)
  • Nonce Checks: 34
  • Capability Checks: 16
  • File Operations: 14
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · classes\dashboard\notification.php:55 · `$notify_auto_meta = $notification_obj->auto_meta ? unserialize( $notification_obj->auto_meta ) : fal`
  • unserialize · classes\dashboard\notification.php:63 · `$send_to_type_meta = $notification_obj->send_to_type_meta ? unserialize( $notification_obj->send_to_`
  • unserialize · classes\dashboard\notifications.php:206 · `$auto_meta = unserialize( $notification->auto_meta );`
  • unserialize · classes\dashboard\notifications.php:243 · `$send_to_meta = unserialize( $notification->send_to_type_meta );`

SQL Query Safety

96% prepared · 157 total queries

Output Escaping

71% escaped · 1268 total outputs

Data Flows: 16 unsanitized

Data Flow Analysis

25 flows · 16 with unsanitized paths

bsk_pdf_manager_pdfs_edit (classes\dashboard\dashboard.php:242)

Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized

Attack Surface

BSK PDF Manager Attack Surface

Entry Points: 34
Unprotected: 0

AJAX Handlers 25

  • auth · wp_ajax_bsk_pdfm_notification_get_users_by_role · classes\dashboard\notification.php:20
  • auth · wp_ajax_bsk_pdfm_notification_get_user_info · classes\dashboard\notification.php:21
  • auth · wp_ajax_bsk_pdfm_notification_set_status · classes\dashboard\notification.php:22
  • auth · wp_ajax_bsk_pdfm_notification_delete · classes\dashboard\notification.php:23
  • auth · wp_ajax_bsk_pdfm_notification_send · classes\dashboard\notification.php:24
  • auth · wp_ajax_bsk_pdfm_check_slug · classes\dashboard\pdf.php:16
  • auth · wp_ajax_bsk_pdfm_tag_validate · classes\dashboard\pdfm-tag.php:9
  • auth · wp_ajax_bsk_pdfm_cap_settings_get_custom_role_capabilities · classes\dashboard\settings\settings-capabilities.php:12
  • auth · wp_ajax_bsk_pdfm_cap_settings_role_special_capability · classes\dashboard\settings\settings-capabilities.php:13
  • auth · wp_ajax_bsk_pdfm_enable_available_categories_for_users · classes\dashboard\settings\settings-capabilities.php:15
  • auth · wp_ajax_bsk_pdfm_get_users_by_role · classes\dashboard\settings\settings-capabilities.php:16
  • auth · wp_ajax_bsk_pdfm_get_user_available_cats_checkboxs · classes\dashboard\settings\settings-capabilities.php:17
  • auth · wp_ajax_bsk_pdf_manager_settings_get_default_featured_image · classes\dashboard\settings\settings-featured-image.php:12
  • auth · wp_ajax_pdfs_get_category_dropdown · classes\shortcodes\category\category-dropdown.php:9
  • nopriv · wp_ajax_pdfs_get_category_dropdown · classes\shortcodes\category\category-dropdown.php:10
  • auth · wp_ajax_pdfs_get_category_ul · classes\shortcodes\category\category-ul-ol.php:10
  • nopriv · wp_ajax_pdfs_get_category_ul · classes\shortcodes\category\category-ul-ol.php:11
  • auth · wp_ajax_pdfs_get_category_ol · classes\shortcodes\category\category-ul-ol.php:12
  • nopriv · wp_ajax_pdfs_get_category_ol · classes\shortcodes\category\category-ul-ol.php:13
  • auth · wp_ajax_pdfs_get_pdfs_dropdown · classes\shortcodes\pdfs\pdfs-dropdown.php:9
  • nopriv · wp_ajax_pdfs_get_pdfs_dropdown · classes\shortcodes\pdfs\pdfs-dropdown.php:10
  • auth · wp_ajax_pdfs_get_pdfs_ul · classes\shortcodes\pdfs\pdfs-ul-ol.php:10
  • nopriv · wp_ajax_pdfs_get_pdfs_ul · classes\shortcodes\pdfs\pdfs-ul-ol.php:11
  • auth · wp_ajax_pdfs_get_pdfs_ol · classes\shortcodes\pdfs\pdfs-ul-ol.php:12
  • nopriv · wp_ajax_pdfs_get_pdfs_ol · classes\shortcodes\pdfs\pdfs-ul-ol.php:13

Shortcodes 9

[bsk-pdfm-category-columns] classes\shortcodes\category\category-columns.php:6
[bsk-pdfm-category-dropdown] classes\shortcodes\category\category-dropdown.php:6
[bsk-pdfm-category-ul] classes\shortcodes\category\category-ul-ol.php:6
[bsk-pdfm-category-ol] classes\shortcodes\category\category-ul-ol.php:7
[bsk-pdfm-pdfs-embed] classes\shortcodes\embed\pdfs-embed.php:6
[bsk-pdfm-pdfs-columns] classes\shortcodes\pdfs\pdfs-columns.php:6
[bsk-pdfm-pdfs-dropdown] classes\shortcodes\pdfs\pdfs-dropdown.php:6
[bsk-pdfm-pdfs-ul] classes\shortcodes\pdfs\pdfs-ul-ol.php:6
[bsk-pdfm-pdfs-ol] classes\shortcodes\pdfs\pdfs-ul-ol.php:7

WordPress Hooks 32

  • action · admin_notices · bsk-pdf-manager.php:108
  • action · admin_enqueue_scripts · bsk-pdf-manager.php:109
  • action · wp_enqueue_scripts · bsk-pdf-manager.php:110
  • action · widgets_init · bsk-pdf-manager.php:138
  • action · init · bsk-pdf-manager.php:140
  • action · plugins_loaded · bsk-pdf-manager.php:144
  • action · plugins_loaded · bsk-pdf-manager.php:145
  • action · plugins_loaded · bsk-pdf-manager.php:146
  • action · init · bsk-pdf-manager.php:147
  • action · bsk_pdf_manager_category_save · classes\dashboard\category.php:8
  • action · admin_menu · classes\dashboard\dashboard.php:142
  • filter · screen_settings · classes\dashboard\dashboard.php:144
  • filter · set-screen-option · classes\dashboard\dashboard.php:145
  • action · wp_print_scripts · classes\dashboard\dashboard.php:147
  • action · admin_notices · classes\dashboard\dashboard.php:517
  • action · bsk_pdf_manager_notification_save · classes\dashboard\notification.php:18
  • action · admin_notices · classes\dashboard\pdf.php:13
  • action · bsk_pdf_manager_pdf_save · classes\dashboard\pdf.php:14
  • action · bsk_pdf_manager_bulk_delete · classes\dashboard\pdf.php:15
  • action · admin_init · classes\dashboard\pdf.php:21
  • action · bsk_pdf_manager_tag_save · classes\dashboard\pdfm-tag.php:10
  • action · admin_notices · classes\dashboard\promote.php:36
  • action · bsk_pdfm_free_schedule_check_promote_daily · classes\dashboard\promote.php:41
  • action · bsk_pdf_manager_embedded_viewer_settings_save · classes\dashboard\settings\settings-embeded-viewer.php:11
  • action · bsk_pdf_manager_register_image_sizes_save · classes\dashboard\settings\settings-featured-image.php:11
  • action · bsk_pdf_manager_general_settings_save · classes\dashboard\settings\settings-general.php:12
  • action · bsk_pdf_manager_permalink_settings_save · classes\dashboard\settings\settings-permalinks.php:13
  • action · bsk_pdf_manager_styles_settings_save · classes\dashboard\settings\settings-styles.php:12
  • action · init · classes\permalink-access\permalink-access.php:11
  • filter · query_vars · classes\permalink-access\permalink-access.php:27
  • action · parse_request · classes\permalink-access\permalink-access.php:28
  • action · init · classes\permalink-access\permalink-access.php:29

Scheduled Events 1

bsk_pdfm_free_schedule_check_promote_daily
Maintenance & Trust

BSK PDF Manager Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Nov 30, 2025
  • PHP min version:
  • Downloads: 430K

Community Trust

  • Rating: 90/100
  • Number of ratings: 45
  • Active installs: 7K
Developer Profile

BSK PDF Manager Developer Profile

bannersky

3 plugins · 8K total installs

  • Trust score: 75
  • Avg Security Score: 94/100
  • Avg Patch Time: 701 days
Detection Fingerprints

How We Detect BSK PDF Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/bsk-pdf-manager/css/bsk-pdf-manager-backend.css
  • /wp-content/plugins/bsk-pdf-manager/css/bsk-pdf-manager-frontend.css
  • /wp-content/plugins/bsk-pdf-manager/js/bsk-pdf-manager-backend.js
  • /wp-content/plugins/bsk-pdf-manager/js/bsk-pdf-manager-frontend.js
  • /wp-content/plugins/bsk-pdf-manager/images/ajax-loader.gif
  • /wp-content/plugins/bsk-pdf-manager/images/default_PDF_icon.png
  • /wp-content/plugins/bsk-pdf-manager/images/delete-2.png

Script Paths

  • /wp-content/plugins/bsk-pdf-manager/js/bsk-pdf-manager-backend.js
  • /wp-content/plugins/bsk-pdf-manager/js/bsk-pdf-manager-frontend.js

Version Parameters

  • bsk-pdf-manager/css/bsk-pdf-manager-backend.css?ver=
  • bsk-pdf-manager/css/bsk-pdf-manager-frontend.css?ver=
  • bsk-pdf-manager/js/bsk-pdf-manager-backend.js?ver=
  • bsk-pdf-manager/js/bsk-pdf-manager-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • bsk-pdf-manager-backend
  • bsk-pdf-manager-frontend
  • bsk_pdfm_dashboard_main

Data Attributes

  • data-bsk-pdf-id
  • data-bsk-pdf-category-id

JS Globals

  • bsk_pdf_manager_ajax_object

Shortcode Output

  • [bsk-pdf-manager]
  • [bsk-pdf-manager-category]
  • [bsk-pdf-manager-categories]