DOAJ Export Security & Risk Analysis

wordpress.org/plugins/doaj-export

Adds a feed for exporting your data using the DOAJ article XML schema.

40 active installs · v1.0.4 · PHP + WP 2.3+ · Updated Nov 3, 2008
Tags: doaj, journal, metadata, open-access, xml
Score: 63 (C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is DOAJ Export Safe to Use in 2026?

Use With Caution

Score 63/100

DOAJ Export has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 17yr ago
Risk Assessment

The "doaj-export" v1.0.4 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals no identified attack surface points, dangerous functions, file operations, external HTTP requests, or bundled libraries. All SQL queries are correctly using prepared statements, and taint analysis shows no concerning flows. This indicates a potentially well-secured codebase in these areas.

However, significant concerns arise from the complete lack of output escaping and the absence of nonce and capability checks. The fact that 0% of the 9 total outputs are properly escaped poses a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with no capability checks on potential entry points. The plugin's vulnerability history, which includes a medium-severity XSS vulnerability that remains unpatched, further amplifies this concern. This pattern suggests a recurring issue with handling user-supplied data securely, and the fact that it is unpatched is a critical oversight.

In conclusion, while the plugin avoids common pitfalls like raw SQL or exposed attack vectors, the critical lack of output escaping and the unpatched XSS vulnerability present a substantial security risk. The absence of nonce and capability checks also weakens its defenses against various attack vectors. The plugin's history points to a need for more robust security practices, particularly in input validation and output sanitization.

Key Concerns

  • Unpatched CVE (Medium Severity)
  • Output escaping missing (9 outputs)
  • No nonce checks
  • No capability checks
Vulnerabilities (1)

DOAJ Export Security Vulnerabilities

CVEs by Year: 1 CVE in 2025 (unpatched)

Severity Breakdown: Medium 1 (1 total CVE)

CVE-2025-58256 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DOAJ Export <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

DOAJ Export Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 9 total outputs
Attack Surface

DOAJ Export Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
action · generate_rewrite_rules · doaj.php:26
action · admin_menu · doaj.php:42
action · init · doaj.php:43
Maintenance & Trust

DOAJ Export Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.6
Last updated: Nov 3, 2008
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 40
Developer Profile

DOAJ Export Developer Profile

Jonathan Brinley

6 plugins · 1K total installs

Trust score: 89
Avg Security Score: 84/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect DOAJ Export

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments
Generated by the DOAJ Export WordPress plugin. http://wordpress.org/extend/plugins/doaj-export/
Data Attributes
language="eng
Shortcode Output
<records><record><language>eng<publisher>