Does codoc have any unpatched vulnerabilities?

No. All known vulnerabilities in codoc have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is codoc compatible with WordPress 6.8.5?

According to WordPress.org data, codoc 0.9.58 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is codoc compatible with PHP 5.4+?

codoc requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is codoc updated?

codoc was last updated on Mar 12, 2026. Frequent updates are generally a positive security signal.

What is codoc's security score?

codoc has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

codoc Security & Risk Analysis

wordpress.org/plugins/codoc

A WordPress plugin for monetizing your website with paid articles, Reader Plans, and tipping.

2K active installs v0.9.58 PHP 5.4+ WP 4.6+ Updated Mar 12, 2026

digital-downloadsmembershippaywallsubscriptiontipping

A · Safe

CVEs total1

Unpatched0

Last CVEJul 10, 2024

Plugin page Download

Safety Verdict

Is codoc Safe to Use in 2026?

Generally Safe

Score 99/100

codoc has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 10, 2024Updated 23d ago

Risk Assessment

The 'codoc' plugin v0.9.58 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and generally performing output escaping, there are significant areas of concern. The presence of an unprotected AJAX handler represents a direct entry point that an attacker could potentially exploit without any authentication or authorization checks, increasing the risk of unauthorized actions or information disclosure. The plugin's vulnerability history includes a past medium-severity CVE related to Cross-site Scripting, indicating a potential weakness in input sanitization or output encoding that, while currently patched, suggests past vulnerabilities and a need for ongoing vigilance.

Overall, the plugin has a moderately good foundation with its handling of SQL and file operations. However, the single unprotected AJAX endpoint is a critical flaw that could be leveraged for malicious purposes. The past XSS vulnerability, even though patched, is a historical indicator that the codebase might have latent vulnerabilities or requires thorough review of its sanitization and escaping mechanisms. The relatively small attack surface is a positive, but the unprotected entry point significantly elevates the risk associated with this plugin.

Key Concerns

Unprotected AJAX handler found
Past medium severity XSS vulnerability

Vulnerabilities

codoc Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-37961medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

codoc <= 0.9.51.12 - Reflected Cross-Site Scripting

Jul 10, 2024 Patched in 0.9.52 (10d)

Code Analysis

Analyzed Mar 16, 2026

codoc Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

198 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

76% escaped259 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

add_settings (class-codoc.php:152)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

codoc Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_dismiss_codoc_notificationclass-codoc.php:177

Shortcodes 1

[codoc] class-codoc.php:82

WordPress Hooks 23

actionplugins_loadedclass-codoc.php:5

filterthe_contentclass-codoc.php:29

filterthe_contentclass-codoc.php:31

filtercodoc_the_contentclass-codoc.php:33

filterexcerpt_allowed_blocksclass-codoc.php:36

actionsave_postclass-codoc.php:42

actionadded_post_metaclass-codoc.php:43

actionupdated_post_metaclass-codoc.php:44

actiondeleted_post_metaclass-codoc.php:45

actionwp_enqueue_scriptsclass-codoc.php:61

filterscript_loader_tagclass-codoc.php:80

filterbody_classclass-codoc.php:84

actionadmin_menuclass-codoc.php:154

actionadmin_print_stylesclass-codoc.php:171

actionadmin_footerclass-codoc.php:183

actionadmin_initclass-codoc.php:198

actionupdated_optionclass-codoc.php:797

actionadmin_enqueue_scriptsclass-codoc.php:826

filtermce_external_pluginsclass-codoc.php:870

filtermce_buttonsclass-codoc.php:875

filtertiny_mce_before_initclass-codoc.php:881

actionenqueue_block_editor_assetssrc\init.php:67

actionenqueue_block_assetssrc\init.php:85

Maintenance & Trust

codoc Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMar 12, 2026

PHP min version5.4

Downloads69K

Community Trust

Rating0/100

Number of ratings0

Active installs2K

Alternatives

codoc Alternatives

Memberful – Membership Plugin

memberful-wp

Sell memberships and restrict access to content with WordPress and Memberful.

1K 3 CVEs

Leaky Paywall

leaky-paywall

The subscription engine for news & niche publishers.

800 5 CVEs

Wallkit Subscriptions & Paywall Plugin for WordPress

wallkit

A Plug & Play paid-content system to manage subscribers, gather fees and drive additional content sales.

20 No CVEs

Pelcro: Content Subscription Platform

pay-to-view

The #1 Content Subscription Platform. All the tools you need to drive subscription revenue from your audience. Setup a membership paywall in minutes.

10 No CVEs

Bora Bora

bora-bora

100

Bora Bora helps you manage and monetize your online community. Protect content, manage memberships and connect your WordPress site to your Bora-Bora.

0 No CVEs

Developer Profile

codoc Developer Profile

codoc

1 plugin · 2K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

10 days

View full developer profile

Detection Fingerprints

How We Detect codoc

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/codoc/src/css/codoc-editor.css/wp-content/plugins/codoc/src/css/codoc-editor.min.css/wp-content/plugins/codoc/src/css/codoc-free.css/wp-content/plugins/codoc/src/css/codoc-free.min.css/wp-content/plugins/codoc/src/css/codoc-premium.css/wp-content/plugins/codoc/src/css/codoc-premium.min.css/wp-content/plugins/codoc/src/css/codoc-styles.css/wp-content/plugins/codoc/src/css/codoc-styles.min.css+8 more

Script Paths

https://codoc.jp/js/cms.jshttps://codoc.jp/js/cms-connect.js

HTML / DOM Fingerprints

CSS Classes

codoc-theme-rainbow-square

Data Attributes

data-cssdata-connect-codedata-connect-registration-modedata-usercodedata-codoc-id

JS Globals

codoc

Shortcode Output

[codoc]

FAQ