WP-Safety

Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF Security & Risk Analysis

wordpress.org/plugins/document-engine

Document Engine is WordPress to PDF plugin that convert any post type to PDF format & can embed pdf document with PDF Viewer block

100 active installs v1.3 PHP 5.6+ WP 5.4+ Updated Aug 27, 2025
create-pdfgenerate-pdfpdf-makerpdf-viewerwordpress-to-pdf
99
A · Safe
CVEs total1
Unpatched0
Last CVESep 3, 2025
Plugin page Download
Safety Verdict

Is Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF Safe to Use in 2026?

Generally Safe

Score 99/100

Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 3, 2025Updated 7mo ago
Risk Assessment

The "document-engine" plugin v1.3 exhibits a generally strong security posture with good practices evident in its code. The plugin demonstrates a high percentage of properly escaped output and uses prepared statements for all SQL queries, which are excellent security controls. The absence of external HTTP requests and critical taint analysis findings further contribute to its positive security profile. The presence of a nonce check is also a positive indicator. However, there are a few areas for improvement. The lack of capability checks on any entry points is a significant concern, as it means any authenticated user, regardless of their role or permissions, could potentially interact with plugin functionalities. While the attack surface is small and the known vulnerability history shows only a medium-severity issue in the past, the absence of capability checks creates a potential for privilege escalation or unauthorized access if any of the entry points are manipulated by a malicious actor.

Key Concerns

  • No capability checks on entry points
  • One medium severity CVE in history
Vulnerabilities
1

Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-58640medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Document Engine <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 3, 2025 Patched in 1.3 (7d)
Code Analysis
Analyzed Mar 16, 2026

Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
17
341 escaped
Nonce Checks
1
Capability Checks
0
File Operations
4
External Requests
0
Bundled Libraries
1

Bundled Libraries

TCPDF

Output Escaping

95% escaped358 total outputs
Attack Surface

Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[document_engine_pdf_column_break] includes\Shortcodes\ColumnsShortcode.php:51
WordPress Hooks 12
actionadmin_enqueue_scriptsincludes\Admin\Assets.php:11
actionadmin_menuincludes\Admin\Main.php:52
filterdocument_engine_settings_tabs_arrayincludes\Admin\Setting_Base.php:27
actioninitincludes\Assets.php:10
filterblock_categories_allincludes\Blocks.php:16
actioninitincludes\Blocks.php:18
filterdocument_engine_get_attachment_image_urlincludes\Generate_PDF.php:30
filterthe_contentincludes\Hooks\Template.php:11
filterquery_varsincludes\Hooks\Template.php:12
actionwpincludes\Hooks\Template.php:13
actioninitincludes\Main.php:43
actioninitincludes\Main.php:44
Maintenance & Trust

Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 27, 2025
PHP min version5.6
Downloads6K

Community Trust

Rating100/100
Number of ratings2
Active installs100
Alternatives

Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF Alternatives

PDF Embedder

PDF Embedder

pdf-embedder

A
100

Seamlessly embed PDFs into your content, with customizations and intelligent responsive resizing, and no third-party services or iframes.

300K 1 CVE
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer

Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer

3d-flipbook-dflip-lite

A
95

Dear Flipbook creates PDF Flipbook, 3D Flipbook, PDF viewer, PDF embed for WordPress sites. Create impressive and realistic 3D flipbooks with PDFs.

100K 8 CVEs
3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery

3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery

interactive-3d-flipbook-powered-physics-engine

A
96

3D FlipBook is PDF Viewer, allowing to browse images, PDFs or HTMLs as flipbook. Flipbook attracts user attention and makes more impression on him.

80K 8 CVEs
Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files

Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files

embed-any-document

A
95

Embed PDF, DOC, PPT and XLS documents easily on your WordPress website with the help of Google Docs Viewer or Microsoft Office Online.

50K 4 CVEs
PDF Poster – Display PDF Files with Custom Viewer

PDF Poster – Display PDF Files with Custom Viewer

pdf-poster

A
100

PDF Poster lets you embed PDF files in WordPress using a responsive viewer and block support, including full-screen, download, and print options.

20K 1 CVE
Developer Profile

Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF Developer Profile

MatrixAddons

4 plugins · 730 total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
21 days
View full developer profile
Detection Fingerprints

How We Detect Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/document-engine/vendor/font-awesome/css/fontawesome.min.css/wp-content/plugins/document-engine/css/frontend.css/wp-content/plugins/document-engine/build/blocks.min.js/wp-content/plugins/document-engine/admin/css/settings.css/wp-content/plugins/document-engine/vendor/ace/js/ace.js/wp-content/plugins/document-engine/admin/js/settings.js
Script Paths
/wp-content/plugins/document-engine/build/blocks.min.js/wp-content/plugins/document-engine/vendor/ace/js/ace.js/wp-content/plugins/document-engine/admin/js/settings.js
Version Parameters
document-engine/vendor/font-awesome/css/fontawesome.min.css?ver=document-engine/css/frontend.css?ver=document-engine/build/blocks.min.js?ver=document-engine/admin/css/settings.css?ver=document-engine/vendor/ace/js/ace.js?ver=document-engine/admin/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
document-engine-shortcode-wrapper
JS Globals
DocumentEnginePDFViewer
Shortcode Output
[document_engine_pdf_button][document_engine_pdf_remove][document_engine_pdf_page_break][document_engine_pdf_columns]
FAQ

Frequently Asked Questions about Document Engine – Download Posts as PDF, PDF Embedder, Posts to PDF