Does DK PDF – WordPress PDF Generator have any unpatched vulnerabilities?

No. All known vulnerabilities in DK PDF – WordPress PDF Generator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is DK PDF – WordPress PDF Generator compatible with WordPress 6.9.4?

According to WordPress.org data, DK PDF – WordPress PDF Generator 2.3.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is DK PDF – WordPress PDF Generator compatible with PHP 8.0+?

DK PDF – WordPress PDF Generator requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is DK PDF – WordPress PDF Generator updated?

DK PDF – WordPress PDF Generator was last updated on Jan 15, 2026. Frequent updates are generally a positive security signal.

What is DK PDF – WordPress PDF Generator's security score?

DK PDF – WordPress PDF Generator has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DK PDF – WordPress PDF Generator Security & Risk Analysis

wordpress.org/plugins/dk-pdf

DK PDF allows your site visitors generate PDF files from WordPress posts, pages, custom post types and WooCommerce products using a button.

4K active installs v2.3.1 PHP 8.0+ WP 3.9+ Updated Jan 15, 2026

pdfpdf-generatorpost-to-pdfwoocommerce-pdfwordpress-pdf-generator

A · Safe

CVEs total2

Unpatched0

Last CVEJan 15, 2026

Download

Safety Verdict

Is DK PDF – WordPress PDF Generator Safe to Use in 2026?

Generally Safe

Score 98/100

DK PDF – WordPress PDF Generator has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jan 15, 2026Updated 2mo ago

Risk Assessment

The dk-pdf plugin exhibits a mixed security posture. While it demonstrates strong practices in areas like SQL query sanitization (100% prepared statements) and a significant majority of output escaping (85%), several critical concerns emerge from the static analysis and vulnerability history. A notable weakness is the presence of 7 unprotected AJAX handlers, representing a substantial attack surface that could be exploited without proper authentication. The taint analysis also reveals 4 flows with unsanitized paths, including 2 of high severity, indicating potential vulnerabilities related to improper input handling that could lead to data compromise or execution of unintended code. The plugin's vulnerability history, with 2 known medium severity CVEs, including SSRF and XSS, reinforces these concerns. Although there are no currently unpatched CVEs, the recurrence of these vulnerability types suggests a pattern of insecure input sanitization that needs to be addressed proactively. The bundled TCPDF library is another area to monitor, as outdated bundled libraries can introduce exploitable vulnerabilities.

Key Concerns

Unprotected AJAX handlers
High severity taint flows
Unsanitized paths in taint flows
Medium CVEs (SSRF/XSS) in history
Bundled outdated library (TCPDF)

Vulnerabilities

DK PDF – WordPress PDF Generator Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-14793medium · 5Server-Side Request Forgery (SSRF)

DK PDF – WordPress PDF Generator <= 2.3.0 - Authenticated (Author+) Server-Side Request Forgery

Jan 15, 2026 Patched in 2.3.1 (4d)

CVE-2024-8727medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DK PDF <= 1.9.6 - Reflected Cross-Site Scripting

Sep 30, 2024 Patched in 1.9.7 (5d)

Code Analysis

Analyzed Mar 16, 2026

DK PDF – WordPress PDF Generator Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

195 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

assertassert($settings instanceof Settings);modules\Admin\AdminModule.php:40

assertassert($metaboxes instanceof MetaBoxes);modules\Admin\AdminModule.php:45

assertassert($settings instanceof Settings);modules\Admin\AdminModule.php:58

assertassert($fontManager instanceof FontManager);modules\Admin\AdminModule.php:64

assertassert($settings instanceof Settings);modules\Admin\AdminModule.php:71

assertassert($settings instanceof Settings);modules\Admin\AdminModule.php:78

assertassert($helper instanceof \Dinamiko\DKPDF\Core\Helper);modules\Admin\AdminModule.php:86

assertassert($fontDownloader instanceof FontDownloader);modules\Admin\AdminModule.php:94

assertassert($fontDownloader instanceof FontDownloader);modules\Admin\AdminModule.php:102

assertassert($fontDownloader instanceof FontDownloader);modules\Admin\AdminModule.php:110

assertassert($fontManager instanceof FontManager);modules\Admin\AdminModule.php:118

assertassert($fontManager instanceof FontManager);modules\Admin\AdminModule.php:126

assertassert($fontManager instanceof FontManager);modules\Admin\AdminModule.php:134

assertassert( $helper instanceof Helper );modules\Core\CoreModule.php:22

assertassert( $button_manager instanceof ButtonManager );modules\Frontend\FrontendModule.php:24

assertassert( $asset_loader instanceof AssetLoader );modules\Frontend\FrontendModule.php:31

assertassert( $wordpress_integration instanceof WordPressIntegration );modules\Frontend\FrontendModule.php:50

assertassert($generator instanceof Generator);modules\PDF\PDFModule.php:33

assertassert( $shortcode_manager instanceof ShortcodeManager );modules\Shortcode\ShortcodeModule.php:22

assertassert( $integration instanceof Integration );modules\WooCommerce\WooCommerceModule.php:26

Bundled Libraries

TCPDF

SQL Query Safety

100% prepared2 total queries

Output Escaping

85% escaped229 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

settings_page (modules\Admin\Settings.php:683)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

DK PDF – WordPress PDF Generator Attack Surface

Entry Points13

Unprotected7

AJAX Handlers 7

authwp_ajax_dkpdf_get_custom_fieldsmodules\Admin\AdminModule.php:84

authwp_ajax_dkpdf_download_fontsmodules\Admin\AdminModule.php:92

authwp_ajax_dkpdf_download_progressmodules\Admin\AdminModule.php:100

authwp_ajax_dkpdf_check_fonts_statusmodules\Admin\AdminModule.php:108

authwp_ajax_dkpdf_upload_fontmodules\Admin\AdminModule.php:116

authwp_ajax_dkpdf_delete_fontmodules\Admin\AdminModule.php:124

authwp_ajax_dkpdf_list_fontsmodules\Admin\AdminModule.php:132

Shortcodes 6

[dkpdf-columnbreak] modules\Shortcode\ShortcodeManager.php:130

[dkpdf-button] modules\Shortcode\ShortcodeModule.php:24

[dkpdf-remove] modules\Shortcode\ShortcodeModule.php:28

[dkpdf-pagebreak] modules\Shortcode\ShortcodeModule.php:32

[dkpdf-columns] modules\Shortcode\ShortcodeModule.php:36

[dkpdf-columnbreak] modules\Shortcode\ShortcodeModule.php:40

WordPress Hooks 26

actionplugins_loadeddk-pdf.php:65

actioninitmodules\Admin\AdminModule.php:31

actioninitmodules\Admin\AdminModule.php:38

actionadd_meta_boxesmodules\Admin\AdminModule.php:47

actionsave_postmodules\Admin\AdminModule.php:51

actionadmin_initmodules\Admin\AdminModule.php:56

actionadmin_menumodules\Admin\AdminModule.php:69

filterdkpdf_settings_fieldsmodules\ButtonVisibility\ButtonVisibilityModule.php:20

actionadmin_enqueue_scriptsmodules\ButtonVisibility\ButtonVisibilityModule.php:56

filterthe_contentmodules\ButtonVisibility\ButtonVisibilityModule.php:59

filterget_the_archive_descriptionmodules\ButtonVisibility\ButtonVisibilityModule.php:62

filterdo_shortcode_tagmodules\ButtonVisibility\ButtonVisibilityModule.php:65

actionwpmodules\ButtonVisibility\ButtonVisibilityModule.php:68

filterdkpdf_get_custom_fields_displaymodules\Core\CoreModule.php:25

filterthe_contentmodules\Frontend\FrontendModule.php:26

actionwp_enqueue_scriptsmodules\Frontend\FrontendModule.php:33

actionwp_enqueue_scriptsmodules\Frontend\FrontendModule.php:37

actionadmin_enqueue_scriptsmodules\Frontend\FrontendModule.php:41

actionadmin_enqueue_scriptsmodules\Frontend\FrontendModule.php:45

filterquery_varsmodules\Frontend\FrontendModule.php:52

filterdkpdf_content_templatemodules\Frontend\FrontendModule.php:56

filterget_the_archive_descriptionmodules\Frontend\FrontendModule.php:60

actionwpmodules\PDF\PDFModule.php:31

filterdkpdf_content_templatemodules\WooCommerce\WooCommerceModule.php:28

actionwoocommerce_before_shop_loopmodules\WooCommerce\WooCommerceModule.php:32

actionwoocommerce_product_meta_startmodules\WooCommerce\WooCommerceModule.php:36

Maintenance & Trust

DK PDF – WordPress PDF Generator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 15, 2026

PHP min version8.0

Downloads105K

Community Trust

Rating92/100

Number of ratings43

Active installs4K

Alternatives

DK PDF – WordPress PDF Generator Alternatives

PDF Generator for WordPress Elementor

pdf-generator-addon-for-elementor-page-builder

The ultimate WordPress PDF generator for Elementor. Easily export to PDF, add a download button, and convert WooCommerce products to PDF.

1K 3 CVEs

WP PDF Generator

wp-pdf-generator

Simply helps you to get your web page download as pdf

1K 1 CVE

PDF Generator for Posts & Pages – Export Any Post Type to PDF

post-to-pdf

Add a one-click PDF download button to any post, page, or custom post type. Includes a visual layout builder, ACF field support, color control, and sh …

90 1 CVE

WPMK PDF Generator

wpmk-pdf-generator

This Free Plugin will provide you to add download html to pdf

80 1 unpatched

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

print-invoices-packing-slip-labels-for-woocommerce

Auto-generate and attach WooCommerce PDF invoices and packing slips to order emails with customizable templates & bulk print options.

60K 6 CVEs

Developer Profile

DK PDF – WordPress PDF Generator Developer Profile

Torsten Chmielewski Bulk

1 plugin · 4K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

5 days

View full developer profile

Detection Fingerprints

How We Detect DK PDF – WordPress PDF Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dk-pdf/build/admin-style.css/wp-content/plugins/dk-pdf/build/admin-settings.js/wp-content/plugins/dk-pdf/build/admin-font-manager.js

Script Paths

/wp-content/plugins/dk-pdf/build/admin-settings.js/wp-content/plugins/dk-pdf/build/admin-font-manager.js

Version Parameters

dk-pdf/build/admin-style.css?ver=dk-pdf/build/admin-settings.js?ver=dk-pdf/build/admin-font-manager.js?ver=

HTML / DOM Fingerprints

CSS Classes

dkpdf-settings-page

JS Globals

dkpdf_ajax

FAQ

DK PDF – WordPress PDF Generator Security & Risk Analysis

Is DK PDF – WordPress PDF Generator Safe to Use in 2026?

Generally Safe

Key Concerns

DK PDF – WordPress PDF Generator Security Vulnerabilities

CVEs by Year

Severity Breakdown

DK PDF – WordPress PDF Generator Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

DK PDF – WordPress PDF Generator Attack Surface

AJAX Handlers 7

Shortcodes 6

DK PDF – WordPress PDF Generator Maintenance & Trust

Maintenance Signals

Community Trust

DK PDF – WordPress PDF Generator Alternatives

PDF Generator for WordPress Elementor

WP PDF Generator

PDF Generator for Posts & Pages – Export Any Post Type to PDF

WPMK PDF Generator

WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels

DK PDF – WordPress PDF Generator Developer Profile

How We Detect DK PDF – WordPress PDF Generator

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about DK PDF – WordPress PDF Generator