Does Docxpresso have any unpatched vulnerabilities?

Yes — Docxpresso currently has 1 published unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Docxpresso compatible with WordPress 5.8.13?

According to WordPress.org data, Docxpresso 2.6 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

How often is Docxpresso updated?

Docxpresso was last updated on Dec 28, 2021. Frequent updates are generally a positive security signal.

What is Docxpresso's security score?

Docxpresso has a WP-Safety security score of 64/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Docxpresso Security & Risk Analysis

wordpress.org/plugins/docxpresso

"Copy and Paste" from MS Word, Excel, Libre Office or Open Office.

2K active installs v2.6 PHP + WP 3.5+ Updated Dec 28, 2021

copy-and-pasteexcellibre-officeopen-officeword

C · Use Caution

CVEs total1

Unpatched1

Last CVEApr 3, 2025

Plugin page Download

Safety Verdict

Is Docxpresso Safe to Use in 2026?

Use With Caution

Score 64/100

Docxpresso has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 3, 2025Updated 4yr ago

Risk Assessment

The docxpresso v2.6 plugin exhibits a generally good security posture based on the static analysis, with no critical or high-severity issues detected in taint analysis, all SQL queries using prepared statements, and all output properly escaped. The presence of a nonce check and the limited attack surface (only one shortcode, with no AJAX handlers or REST API routes identified) are positive indicators. However, the plugin has a concerning vulnerability history, with one known medium-severity CVE related to Path Traversal that is currently unpatched. The recurrence of such vulnerabilities could indicate potential weaknesses in how the plugin handles user-supplied input related to file paths. While the static analysis suggests robust coding practices in areas like SQL and output handling, the unpatched path traversal vulnerability represents a significant risk that requires immediate attention.

Key Concerns

Unpatched medium CVE
Vulnerability history indicates Path Traversal risk
No capability checks

Vulnerabilities

1 published

Docxpresso Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-31554medium · 6.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Docxpresso <= 2.6 - Authenticated (Contributor+) Arbitrary File Download

Apr 3, 2025Unpatched

Version History

Docxpresso Release Timeline

v2.6Current1 CVE

v2.51 CVE

v2.41 CVE

v2.31 CVE

v2.21 CVE

v2.11 CVE

v2.01 CVE

v1.61 CVE

v1.51 CVE

v1.41 CVE

v1.31 CVE

v1.21 CVE

v1.11 CVE

v1.0.11 CVE

Code Analysis

Analyzed Mar 16, 2026

Docxpresso Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<options> (options.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Docxpresso Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[docxpresso] plugin.php:89

WordPress Hooks 4

actionadmin_menuadmin.php:4

actionmedia_buttonsadmin.php:5

actionwp_enqueue_mediaadmin.php:6

actioninitadmin.php:7

Maintenance & Trust

Docxpresso Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedDec 28, 2021

PHP min version

Downloads73K

Community Trust

Rating94/100

Number of ratings31

Active installs2K

Alternatives

Docxpresso Alternatives

Embedded learning videos and practice material by TEST4U

embedded-learning-videos-and-practice-material-by-test4u

40000+ categorized videos for Microsoft Office, LibreOffice, OpenOffice, Long Docs, Data Analysis, UBER. Enhance your site with notes, queries.

10 No CVEs

From Excel Sheet to WordPress posts database

import-excel2sql

Documentation: Activate the plugin and it will appear under the tools bar Supported excel extensions are .csv , .xls and .

10 No CVEs

Responsive WordPress Testimonial

my-responsive-testimonial

Create amazing sliding wordpress testimonial showcase that use auto cycling and hovering effect with Wow.js & Animate.css

10 No CVEs

All-in-One WP Migration and Backup

all-in-one-wp-migration

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs

$Rank Math SEO – AI SEO Tools to Dominate SEO Rankings$

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

seo-by-rank-math

Rank Math SEO is the best WordPress SEO plugin with the features of many SEO and AI SEO tools in a single package to help multiply your SEO traffic.

4.0M 20 CVEs

Developer Profile

Docxpresso Developer Profile

docxpresso

2 plugins · 2K total installs

trust score

Avg Security Score

78/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect Docxpresso

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/docxpresso/gutenberg/block.js/wp-content/plugins/docxpresso/gutenberg/style.css/wp-content/plugins/docxpresso/docxpresso.js

Script Paths

/wp-content/plugins/docxpresso/gutenberg/block.js/wp-content/plugins/docxpresso/docxpresso.js

Version Parameters

docxpresso.js?ver=2.0

HTML / DOM Fingerprints

CSS Classes

docxpresso-cut-paste-plugin

Data Attributes

data-block="docxpresso-cut-paste/plugin"

JS Globals

docxpresso_button

Shortcode Output

[docxpresso

FAQ

Docxpresso Security & Risk Analysis

Is Docxpresso Safe to Use in 2026?

Use With Caution

Key Concerns

Docxpresso Security Vulnerabilities

CVEs by Year

Severity Breakdown

Docxpresso Release Timeline

Docxpresso Code Analysis

Data Flow Analysis

Docxpresso Attack Surface

Shortcodes 1

Docxpresso Maintenance & Trust

Maintenance Signals

Community Trust

Docxpresso Alternatives

Embedded learning videos and practice material by TEST4U

From Excel Sheet to WordPress posts database

Responsive WordPress Testimonial

All-in-One WP Migration and Backup

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings

Docxpresso Developer Profile

How We Detect Docxpresso

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Docxpresso