Export Categories Security & Risk Analysis
wordpress.org/plugins/export-categoriesexport you wordpress categories only to another wordpress site
Is Export Categories Safe to Use in 2026?
Use With Caution
Score 63/100Export Categories has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "export-categories" v1.0 plugin exhibits a mixed security posture. On the positive side, static analysis reveals no exposed attack surface through AJAX, REST API, shortcodes, or cron events, and all SQL queries utilize prepared statements. There are also no file operations or external HTTP requests, and importantly, no critical or high-severity taint analysis findings. This suggests a generally cautious approach to handling data and external interactions.
However, significant concerns arise from the output escaping and the vulnerability history. With only 13% of outputs properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is ever incorporated into these outputs. Furthermore, the plugin has a known medium-severity vulnerability with a "Missing Authorization" type, and critically, this vulnerability remains unpatched. The fact that the last vulnerability was recorded recently (2025-10-04) and is still outstanding is a major red flag, indicating a lack of consistent security maintenance.
In conclusion, while the plugin avoids common attack vectors and handles database interactions securely, the severe deficiency in output escaping and the presence of an unpatched authorization vulnerability create significant security risks. Users should be highly cautious, and the developers must address the output escaping and the outstanding CVE.
Key Concerns
- Unpatched CVE: Missing Authorization (medium)
- Low output escaping percentage
- No nonce checks found
- No capability checks found
Export Categories Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Export Categories <= 1.0 - Missing Authorization
Export Categories Code Analysis
Output Escaping
Export Categories Attack Surface
WordPress Hooks 2
Maintenance & Trust
Export Categories Maintenance & Trust
Maintenance Signals
Community Trust
Export Categories Alternatives
WP Export Categories & Taxonomies
wp-export-categories-taxonomies
Export Categories, Tags and Taxonomies
All-in-One WP Migration and Backup
all-in-one-wp-migration
Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.
Widget Importer & Exporter
widget-importer-exporter
Import and export your widgets.
WP Migrate Lite – Migration Made Easy
wp-migrate-db
Migrate your database. Export full sites including media, themes, and plugins. Find and replace content with support for serialized data.
Customizer Export/Import
customizer-export-import
Easily export or import your WordPress customizer settings!
Export Categories Developer Profile
7 plugins · 3K total installs
How We Detect Export Categories
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/export-categories/HTML / DOM Fingerprints
wrapicon32<!-- This is a WordPress eXtended RSS file generated by WordPress as an export of your site. --><!-- It contains information about your site's posts, pages, comments, categories, and other content. --><!-- You may use this file to transfer that content from one site to another. --><!-- This file is not intended to serve as a complete backup of your site. -->+11 more