WP-Safety

Export WordPress Pages to Static HTML & PDF — Static Site Export Security & Risk Analysis

wordpress.org/plugins/export-wp-page-to-static-html

Export WordPress pages, posts, and custom post types to clean static HTML or PDF files in one click. Create fast, secure static versions of your WordP …

5K active installs v6.0.6.1 PHP 7.4+ WP 5.8+ Updated Mar 10, 2026
export-wordpresshtml-exportstatic-htmlstatic-site-generatorwordpress-static-html
87
A · Safe
CVEs total5
Unpatched0
Last CVEDec 12, 2025
Plugin page Download
Safety Verdict

Is Export WordPress Pages to Static HTML & PDF — Static Site Export Safe to Use in 2026?

Generally Safe

Score 87/100

Export WordPress Pages to Static HTML & PDF — Static Site Export has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Dec 12, 2025Updated 24d ago
Risk Assessment

The "export-wp-page-to-static-html" plugin, in version 6.0.6.1, presents a mixed security posture. On the positive side, the static analysis reveals a robust implementation of security best practices, with all identified entry points (AJAX, REST API, shortcodes, cron events) protected by authentication and capability checks. The plugin also demonstrates strong output escaping (94%) and a high percentage of prepared SQL statements (70%), which are significant defenses against common web vulnerabilities. Taint analysis found no unsanitized paths, further indicating a clean internal code structure regarding data flow risks.

Key Concerns

  • Significant historical CVEs, including critical and high severity
  • Vulnerability history includes missing authorization
  • Vulnerability history includes CSRF
  • Vulnerability history includes open redirect
  • Vulnerability history includes information exposure
  • Relatively high number of file operations
  • Moderate number of external HTTP requests
  • Low number of nonce checks
Vulnerabilities
5

Export WordPress Pages to Static HTML & PDF — Static Site Export Security Vulnerabilities

CVEs by Year

2 CVEs in 2023
2023
1 CVE in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
3

5 total CVEs

CVE-2025-11693critical · 9.8Exposure of Sensitive Information to an Unauthorized Actor

Export WP Page to Static HTML & PDF <= 4.3.4 - Unauthenticated Cookie Exposure via Log File

Dec 12, 2025 Patched in 5.0.0 (1d)
CVE-2025-58980medium · 5.3Missing Authorization

Export WP Page to Static HTML/CSS <= 4.1.0 - Missing Authorization

Sep 9, 2025 Patched in 4.2.0 (7d)
CVE-2024-3597high · 7.1URL Redirection to Untrusted Site ('Open Redirect')

Export WP Page to Static HTML/CSS <= 2.2.2 - Open Redirect

Jun 19, 2024 Patched in 2.2.3 (12d)
CVE-2023-6369medium · 5.4Missing Authorization

Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions

Nov 28, 2023 Patched in 2.2.0 (56d)
CVE-2023-31077medium · 4.3Cross-Site Request Forgery (CSRF)

Export WP Page to Static HTML/CSS <= 2.1.9 - Cross-Site Request Forgery via Multiple AJAX Actions

Oct 25, 2023 Patched in 2.2.0 (90d)
Code Analysis
Analyzed Mar 16, 2026

Export WordPress Pages to Static HTML & PDF — Static Site Export Code Analysis

Dangerous Functions
0
Raw SQL Queries
32
74 prepared
Unescaped Output
7
112 escaped
Nonce Checks
5
Capability Checks
35
File Operations
42
External Requests
16
Bundled Libraries
0

SQL Query Safety

70% prepared106 total queries

Output Escaping

94% escaped119 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
ajax_save_settings (includes\class-export-html-button.php:250)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Export WordPress Pages to Static HTML & PDF — Static Site Export Attack Surface

Entry Points34
Unprotected0

AJAX Handlers 7

authwp_ajax_wp_to_html_save_export_html_btn_settingsincludes\class-export-html-button.php:43
authwp_ajax_wp_to_html_check_pdf_limitincludes\class-pdf-generator.php:42
noprivwp_ajax_wp_to_html_check_pdf_limitincludes\class-pdf-generator.php:43
authwp_ajax_wp_to_html_increment_pdf_countincludes\class-pdf-generator.php:44
noprivwp_ajax_wp_to_html_increment_pdf_countincludes\class-pdf-generator.php:45
authwp_ajax_wp_to_html_save_pdf_settingsincludes\class-pdf-generator.php:48
authwp_ajax_wp_to_html_quick_exportincludes\class-quick-export.php:46

REST API Routes 25

POST/wp-json/wp_to_html/v1/exportincludes\class-rest.php:138
GET/wp-json/wp_to_html/v1/logincludes\class-rest.php:146
POST/wp-json/wp_to_html/v1/log-resetincludes\class-rest.php:155
GET/wp-json/wp_to_html/v1/statusincludes\class-rest.php:163
GET/wp-json/wp_to_html/v1/pollincludes\class-rest.php:172
POST/wp-json/wp_to_html/v1/runnerincludes\class-rest.php:182
POST/wp-json/wp_to_html/v1/pauseincludes\class-rest.php:189
POST/wp-json/wp_to_html/v1/resumeincludes\class-rest.php:197
POST/wp-json/wp_to_html/v1/stopincludes\class-rest.php:205
POST/wp-json/wp_to_html/v1/kickincludes\class-rest.php:215
POST/wp-json/wp_to_html/v1/queue-resetincludes\class-rest.php:224
POST/wp-json/wp_to_html/v1/rerun-failedincludes\class-rest.php:232
GET/wp-json/wp_to_html/v1/failed-urlsincludes\class-rest.php:240
POST/wp-json/wp_to_html/v1/clear-tempincludes\class-rest.php:248
GET/wp-json/wp_to_html/v1/contentincludes\class-rest.php:259
GET/wp-json/wp_to_html/v1/exportsincludes\class-rest.php:268
GET/wp-json/wp_to_html/v1/previewincludes\class-rest.php:277
GET/wp-json/wp_to_html/v1/downloadincludes\class-rest.php:286
GET/wp-json/wp_to_html/v1/ftp-settingsincludes\class-rest.php:295
POST/wp-json/wp_to_html/v1/ftp-settingsincludes\class-rest.php:302
POST/wp-json/wp_to_html/v1/ftp-testincludes\class-rest.php:309
POST/wp-json/wp_to_html/v1/ftp-listincludes\class-rest.php:318
GET/wp-json/wp_to_html/v1/system-statusincludes\class-rest.php:327
POST/wp-json/wp_to_html/v1/check-can-runincludes\class-rest.php:335
POST/wp-json/wp_to_html/v1/reset-diagnosticsincludes\class-rest.php:343

Shortcodes 2

[export_html_button] includes\class-export-html-button.php:46
[wp_to_html_pdf_button] includes\class-pdf-generator.php:51
WordPress Hooks 38
actioninitexport-wp-page-to-static-html.php:19
actionplugins_loadedexport-wp-page-to-static-html.php:71
actionplugins_loadedexport-wp-page-to-static-html.php:124
actionplugins_loadedexport-wp-page-to-static-html.php:156
actionadmin_initexport-wp-page-to-static-html.php:201
actionadmin_initexport-wp-page-to-static-html.php:223
actionplugins_loadedexport-wp-page-to-static-html.php:405
actionwpexport-wp-page-to-static-html.php:412
actionadmin_enqueue_scriptsexport-wp-page-to-static-html.php:423
actionwp_to_html_fetch_remote_dataexport-wp-page-to-static-html.php:449
actionadmin_menuincludes\class-admin.php:7
actionadmin_enqueue_scriptsincludes\class-admin.php:8
actionwp_to_html_process_eventincludes\class-core.php:30
actionwp_to_html_build_queue_eventincludes\class-core.php:32
actionadmin_bar_menuincludes\class-export-html-button.php:38
actionwp_enqueue_scriptsincludes\class-export-html-button.php:39
actiontemplate_redirectincludes\class-export-html-button.php:40
actionadmin_bar_menuincludes\class-pdf-generator.php:30
actionwp_enqueue_scriptsincludes\class-pdf-generator.php:31
actionwp_footerincludes\class-pdf-generator.php:32
filterpost_row_actionsincludes\class-pdf-generator.php:35
filterpage_row_actionsincludes\class-pdf-generator.php:36
actionadmin_headincludes\class-pdf-generator.php:39
actioninitincludes\class-quick-export.php:16
filterpost_row_actionsincludes\class-quick-export.php:19
filterpage_row_actionsincludes\class-quick-export.php:20
actioninitincludes\class-quick-export.php:22
actionbulk_action_formsincludes\class-quick-export.php:25
actionadmin_footerincludes\class-quick-export.php:26
actionadmin_action_wp_to_html_bulk_exportincludes\class-quick-export.php:29
filterhandle_bulk_actions-edit-postincludes\class-quick-export.php:30
filterhandle_bulk_actions-edit-pageincludes\class-quick-export.php:31
actionadmin_noticesincludes\class-quick-export.php:34
actionadd_meta_boxesincludes\class-quick-export.php:37
actionadmin_bar_menuincludes\class-quick-export.php:40
actionadmin_enqueue_scriptsincludes\class-quick-export.php:43
actionrest_api_initincludes\class-rest.php:137
filterwp_to_html_bg_tick_time_budget_secondsincludes\class-rest.php:545

Scheduled Events 9

wp_to_html_fetch_remote_data
wp_to_html_process_event
wp_to_html_process_event
wp_to_html_process_event
wp_to_html_build_queue_event
wp_to_html_process_event
wp_to_html_process_event
wp_to_html_build_queue_event
wp_to_html_process_event
Maintenance & Trust

Export WordPress Pages to Static HTML & PDF — Static Site Export Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version7.4
Downloads167K

Community Trust

Rating76/100
Number of ratings51
Active installs5K
Alternatives

Export WordPress Pages to Static HTML & PDF — Static Site Export Alternatives

Simply Static – The Static Site Generator

Simply Static – The Static Site Generator

simply-static

A
99

Convert WordPress to static HTML. Boost performance 3-5x. Eliminate security vulnerabilities. Deploy anywhere.

30K 2 CVEs
WPGatsby

WPGatsby

wp-gatsby

A
85

WPGatsby is a free open-source WordPress plugin that optimizes your WordPress site to work as a data source for Gatsby. This plugin must be used in c &hellip;

3K No CVEs
QuantCDN

QuantCDN

quant

A
100

QuantCDN static site generator and edge integration. Push a static export of your Wordpress site with ease.

70 No CVEs
Figma to Oxygen Builder – ready→made WordPress Integration

Figma to Oxygen Builder – ready→made WordPress Integration

ready-made-oxygen-integration

A
100

The official WordPress integration for the ready→made Figma plugin. Seamlessly copy-paste sections from your Figma designs into Oxygen Builder.

70 No CVEs
Make Me Static, Static Site Generator, Git, Pages and Live Stats

Make Me Static, Static Site Generator, Git, Pages and Live Stats

make-me-static

A
100

Static site generator using Git for storage. Comes with free integrated Git + Pages solution including Live WebStats.

40 No CVEs
Developer Profile

Export WordPress Pages to Static HTML & PDF — Static Site Export Developer Profile

recorp

6 plugins · 10K total installs

80
trust score
Avg Security Score
88/100
Avg Patch Time
52 days
View full developer profile
Detection Fingerprints

How We Detect Export WordPress Pages to Static HTML & PDF — Static Site Export

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/export-wp-page-to-static-html/assets/css/admin.css/wp-content/plugins/export-wp-page-to-static-html/assets/js/admin.js/wp-content/plugins/export-wp-page-to-static-html/assets/js/pdf-generator-front.js/wp-content/plugins/export-wp-page-to-static-html/assets/js/export-html-button-front.js
Script Paths
/wp-content/plugins/export-wp-page-to-static-html/assets/js/admin.js/wp-content/plugins/export-wp-page-to-static-html/assets/js/pdf-generator-front.js/wp-content/plugins/export-wp-page-to-static-html/assets/js/export-html-button-front.js
Version Parameters
export-wp-page-to-static-html/assets/css/admin.css?ver=export-wp-page-to-static-html/assets/js/admin.js?ver=export-wp-page-to-static-html/assets/js/pdf-generator-front.js?ver=export-wp-page-to-static-html/assets/js/export-html-button-front.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-to-html-admin-pagewp-to-html-dashboardwp-to-html-settings-sectionwp-to-html-buttonwp_to_html_noticewp_to_html_export_buttonwp_to_html_pdf_button
HTML Comments
<!-- Export WP Page to Static HTML: Start Shortcode --><!-- Export WP Page to Static HTML: End Shortcode --><!-- Export WP Page to Static HTML: PDF Generator Button --><!-- Export WP Page to Static HTML: Export HTML Button -->
Data Attributes
data-wp-to-html-export-iddata-wp-to-html-noncedata-wp-to-html-ajax-url
JS Globals
wp_to_html_admin_ajax_objectwp_to_html_paramsewptshp_fs
REST Endpoints
/wp-json/wp-to-html/v1/export/wp-json/wp-to-html/v1/export-progress/wp-json/wp-to-html/v1/check-ftp
Shortcode Output
[wp_to_html_export_button][wp_to_html_pdf_button]
FAQ

Frequently Asked Questions about Export WordPress Pages to Static HTML & PDF — Static Site Export