Docu Security & Risk Analysis

wordpress.org/plugins/docu

A simple Documentation Plugin

40 active installs · v1.5 · PHP + · WP 3.9+ · Updated Unknown
Tags: doc, docs, document, documentation, documents
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Docu Safe to Use in 2026?

Generally Safe

Score 100/100

Docu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "docu" plugin v1.5 exhibits a mixed security posture. On the positive side, there are no reported vulnerabilities in its history, no dangerous functions are used, all SQL queries are properly prepared, and no external HTTP requests are made. This suggests a generally cautious approach to sensitive operations. However, the static analysis reveals significant concerns. The plugin has a notable attack surface with two AJAX handlers, both of which lack authentication checks. Additionally, only 27% of output is properly escaped, indicating a potential for cross-site scripting (XSS) vulnerabilities. The lack of capability checks on AJAX handlers is a critical oversight, potentially allowing unauthorized users to trigger sensitive plugin actions. While the absence of taint analysis findings and a clean vulnerability history are encouraging, the identified weaknesses in input validation and access control present immediate security risks.

Key Concerns

  • AJAX handlers without auth checks
  • Low output escaping coverage
  • AJAX handlers without capability checks
Vulnerabilities
None known

Docu Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Docu Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 24 (9 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

27% escaped · 33 total outputs
Attack Surface
2 unprotected

Docu Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_order_categories · includes\sortable\sortable.php:104
auth · wp_ajax_order_docs · includes\sortable\sortable.php:131

Shortcodes 1

[docu] includes\shortcodes.php:32

WordPress Hooks 22

action · plugins_loaded · docu.php:32
filter · next_post_link · includes\docu-functions.php:40
filter · previous_post_link · includes\docu-functions.php:41
filter · the_content · includes\docu-functions.php:53
action · docu_after_doc_content · includes\docu-functions.php:65
action · docu_after_term_description · includes\docu-functions.php:179
filter · pre_get_posts · includes\docu-functions.php:225
filter · pre_get_posts · includes\docu-functions.php:247
action · wp_enqueue_scripts · includes\load-js-css.php:5
action · wp_enqueue_scripts · includes\load-js-css.php:6
action · admin_enqueue_scripts · includes\load-js-css.php:7
action · admin_enqueue_scripts · includes\load-js-css.php:8
action · init · includes\post-types.php:43
filter · enter_title_here · includes\post-types.php:84
action · init · includes\post-types.php:119
filter · wp_list_categories · includes\post-types.php:162
action · admin_enqueue_scripts · includes\sortable\sortable.php:9
action · init · includes\sortable\sortable.php:29
filter · get_terms_orderby · includes\sortable\sortable.php:30
action · init · includes\sortable\sortable.php:34
filter · pre_get_posts · includes\sortable\sortable.php:35
action · widgets_init · includes\widgets.php:241
Maintenance & Trust

Docu Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Unknown
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 40
Developer Profile

Docu Developer Profile

dinamiko

3 plugins · 70 total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1246 days
Detection Fingerprints

How We Detect Docu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/docu/assets/css/frontend.css
/wp-content/plugins/docu/assets/js/imagesloaded.pkgd.min.js
/wp-content/plugins/docu/assets/js/frontend.js
/wp-content/plugins/docu/assets/css/admin.css
/wp-content/plugins/docu/assets/js/admin.js
/wp-content/plugins/docu/includes/sortable/css/sortable.css
/wp-content/plugins/docu/includes/sortable/js/sortable-categories.js
/wp-content/plugins/docu/includes/sortable/js/sortable-posts.js

Script Paths
/wp-content/plugins/docu/assets/js/frontend.js
/wp-content/plugins/docu/assets/js/admin.js
/wp-content/plugins/docu/includes/sortable/js/sortable-categories.js
/wp-content/plugins/docu/includes/sortable/js/sortable-posts.js

Version Parameters
ver=1.0
ver=3.1
ver=1.0

HTML / DOM Fingerprints

HTML Comments
<!-- Admin -->
<!-- Frontend -->
JS Globals
window.docu_atts
Shortcode Output
[docu]