Gitdown: Git Repository to WordPress Blog Posts Security & Risk Analysis

wordpress.org/plugins/gitdown

Use Gitdown to Publish Markdown Posts from a repository to your WordPress Blog.

0 active installs · v1.6.1 · PHP 7.0+ · WP 6.1.0+ · Updated Mar 24, 2024
Tags: article-management, cms, github, markdown, posts

Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gitdown: Git Repository to WordPress Blog Posts Safe to Use in 2026?

Generally Safe

Score 85/100

Gitdown: Git Repository to WordPress Blog Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago

Risk Assessment

The Gitdown plugin v1.6.1 presents a concerning security posture: it has a significant attack surface with no authentication checks on any of its entry points. Specifically, all 4 AJAX handlers and the 1 REST API route are exposed without proper authorization, so any unauthenticated user could potentially trigger them. The presence of the dangerous function `exec` further elevates the risk, since it could lead to arbitrary code execution if an attacker can control its arguments. While the plugin demonstrates good practices in SQL query handling by using prepared statements and escapes a high percentage of its output, these strengths are overshadowed by the critical lack of access controls on its entry points. The absence of any recorded vulnerabilities in its history is a positive sign, suggesting it has historically been developed with some care or has not been a target, but this does not negate the immediate risks identified in the current version's code. Overall, the exposed entry points and the unguarded use of dangerous functions make the plugin a prime candidate for exploitation.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Presence of dangerous function 'exec'
  • Nonce checks missing on AJAX handlers

Vulnerabilities
None known

Gitdown: Git Repository to WordPress Blog Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis
Analyzed Mar 17, 2026

Gitdown: Git Repository to WordPress Blog Posts Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (63 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 5
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • exec: `exec($command, $output);` (inc\ArticleCollection.php:105)
  • exec: `exec("rmdir \"$path\" /s /q");` (inc\Helpers.php:98)
  • exec: `exec("rm -rf -f \"$path\"");` (inc\Helpers.php:101)

Output Escaping

88% escaped (72 total outputs)

Data Flows
All sanitized

Data Flow Analysis

2 flows
setupActions (gitdown.php:95)

Attack Surface
5 unprotected

Gitdown: Git Repository to WordPress Blog Posts Attack Surface

Entry Points: 5
Unprotected: 5

AJAX Handlers 4

  • auth · wp_ajax_get_all_articles · gitdown.php:243
  • auth · wp_ajax_update_article · gitdown.php:251
  • auth · wp_ajax_delete_article · gitdown.php:255
  • auth · wp_ajax_mgd_get_outdated · gitdown.php:260

REST API Routes 1

  • GET · /wp-json/mgd/v1/update_outdated · gitdown.php:322

WordPress Hooks 14

  • action · admin_init · gitdown.php:101
  • action · admin_menu · gitdown.php:138
  • action · admin_enqueue_scripts · gitdown.php:173
  • action · admin_enqueue_scripts · gitdown.php:183
  • action · wp_print_scripts · gitdown.php:187
  • filter · manage_post_posts_columns · gitdown.php:225
  • filter · manage_pages_columns · gitdown.php:226
  • action · manage_post_posts_custom_column · gitdown.php:228
  • action · manage_pages_custom_column · gitdown.php:229
  • filter · post_row_actions · gitdown.php:231
  • filter · page_row_actions · gitdown.php:232
  • action · init · gitdown.php:269
  • action · wp_print_scripts · gitdown.php:272
  • action · rest_api_init · gitdown.php:321

Maintenance & Trust

Gitdown: Git Repository to WordPress Blog Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.0
Last updated: Mar 24, 2024
PHP min version: 7.0
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Developer Profile

Gitdown: Git Repository to WordPress Blog Posts Developer Profile

Maxim Maeder

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Gitdown: Git Repository to WordPress Blog Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gitdown/css/gitdown.css
  • /wp-content/plugins/gitdown/js/vue.js
  • /wp-content/plugins/gitdown/js/json.js
  • /wp-content/plugins/gitdown/js/admin.js
Script Paths
  • /wp-content/plugins/gitdown/js/vue.js
  • /wp-content/plugins/gitdown/js/json.js
  • /wp-content/plugins/gitdown/js/admin.js
Version Parameters
  • /wp-content/plugins/gitdown/css/gitdown.css?ver=
  • /wp-content/plugins/gitdown/js/vue.js?ver=
  • /wp-content/plugins/gitdown/js/json.js?ver=
  • /wp-content/plugins/gitdown/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • mgd-settings-section
  • mgd-article-manager
  • mgd_glob_setting
  • mgd_repo_setting
  • mgd_resolver_setting
  • mgd_cron_setting
HTML Comments
  • <!-- Plugin Prefix: mgd(_) -->
Data Attributes
  • data-slug
JS Globals
  • mgd_vuejs
  • mgd_jsonjs
  • mgd_adminjs
  • renderJson

FAQ

Frequently Asked Questions about Gitdown: Git Repository to WordPress Blog Posts