Document Repository Security & Risk Analysis

wordpress.org/plugins/document-repository

Turn a WordPress site into a revisioned document repository.

10 active installs · v0.2.4.1 · PHP + · WP 3.2+ · Updated Apr 3, 2013
custom · media · post · revision
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Document Repository Safe to Use in 2026?

Generally Safe

Score 85/100

Document Repository has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The document-repository plugin v0.2.5 exhibits a generally good security posture with no known vulnerabilities in its history. The static analysis reveals a very small attack surface, with zero unprotected entry points across AJAX handlers, REST API routes, shortcodes, and cron events. This indicates strong foundational security practices in limiting external interaction points.

However, the code analysis does highlight some areas of concern. A significant portion of SQL queries (29%) do not use prepared statements, which could leave them susceptible to SQL injection if user input is not strictly validated. Additionally, 40% of output operations are not properly escaped, creating potential for cross-site scripting (XSS) vulnerabilities. The taint analysis further flags two high-severity flows, indicating that unsanitized data is potentially being used in sensitive operations, despite the absence of critical-severity issues. The file operations and nonce checks that are present should be carefully reviewed to ensure they are implemented correctly and securely.

In conclusion, while the plugin's lack of historical vulnerabilities and minimal attack surface are positive indicators, the identified code quality issues in SQL usage and output escaping, coupled with high-severity taint flows, warrant attention. Addressing these specific areas will be crucial in strengthening the plugin's overall security and preventing potential exploits.

Key Concerns

  • SQL queries not using prepared statements
  • Output escaping is not properly handled
  • High severity taint flows found
Vulnerabilities
None known

Document Repository Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Document Repository Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (10 prepared)
Unescaped Output: 18 (27 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

71% prepared · 14 total queries

Output Escaping

60% escaped · 45 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
media_library (document-repository.php:80)
Attack Surface

Document Repository Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 41
action · init · custom-taxonomies.php:29
action · document_search_widget · custom-taxonomies.php:93
action · save_post · custom-taxonomies.php:94
filter · post_updated_messages · custom-taxonomies.php:95
filter · the_content · custom-taxonomies.php:96
filter · document_search_query_vars · custom-taxonomies.php:97
action · init · document-repository.php:54
filter · the_content · document-repository.php:55
action · init · document-repository.php:58
action · wp · document-repository.php:61
action · admin_enqueue_scripts · document-repository.php:62
action · admin_menu · document-repository.php:63
action · admin_head_media_upload_type_form · document-repository.php:64
action · add_attachment · document-repository.php:65
filter · pre_site_option_mu_media_buttons · document-repository.php:66
filter · media_upload_tabs · document-repository.php:67
action · media_buttons · document-repository.php:68
filter · umw_document_rewrite_rules · document-repository.php:69
filter · wp_handle_upload_prefilter · document-repository.php:70
action · delete_post · document-repository.php:71
filter · post_updated_messages · document-repository.php:72
filter · the_content · document-repository.php:283
action · do_meta_boxes · document-repository.php:346
action · widgets_init · document-repository.php:617
action · plugins_loaded · extras.php:33
action · admin_init · extras.php:34
action · admin_bar_menu · extras.php:35
action · admin_head_ra_media_document_callback · extras.php:36
action · media_upload_document · extras.php:37
filter · media_buttons_context · extras.php:61
action · media_buttons · extras.php:63
action · init · user-roles.php:35
action · admin_menu · user-roles.php:42
filter · map_meta_cap · user-roles.php:44
filter · manage_posts_columns · user-roles.php:48
action · manage_posts_custom_column · user-roles.php:49
filter · manage_users_columns · user-roles.php:50
filter · manage_users_custom_column · user-roles.php:51
action · personal_options · user-roles.php:52
action · personal_options_update · user-roles.php:53
action · edit_user_profile_update · user-roles.php:54
Maintenance & Trust

Document Repository Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Apr 3, 2013
PHP min version
Downloads: 15K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 10
Developer Profile

Document Repository Developer Profile

Ron Rennick

10 plugins · 1K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Document Repository

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths: /wp-content/plugins/document-repository/js/document-repository.js
Version Parameters: document-repository/js/document-repository.js?ver=

HTML / DOM Fingerprints

CSS Classes: doc-lib-taxonomy, doc-terms
Data Attributes: data-document-repository-ajax-url
JS Globals: documentRepository
REST Endpoints: /wp-json/document-repository/v1/search