WP-Safety

Hierarchical Documentation Security & Risk Analysis

wordpress.org/plugins/hierarchical-documentation

Lets admins create searchable, hierarchically-organized documentation. Supports Markdown and syntax highlighting for code. Requires WP MVC.

10 active installs v1.1 PHP + WP 3.0+ Updated Mar 2, 2012
codecodexdocumentationhierarchicalreference
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Hierarchical Documentation Safe to Use in 2026?

Generally Safe

Score 85/100

Hierarchical Documentation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The hierarchical-documentation plugin version 1.1 presents a mixed security posture. On the positive side, it boasts a clean vulnerability history with no recorded CVEs, suggesting a generally well-maintained codebase. The static analysis also indicates all SQL queries use prepared statements, a strong practice for preventing SQL injection. However, significant concerns arise from the code signals. The presence of a 'system' dangerous function is a red flag, as this function can execute arbitrary commands on the server, posing a critical risk if not properly controlled. Furthermore, the low percentage of properly escaped output (7%) indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the plugin's output. The taint analysis showing two flows with unsanitized paths reinforces these concerns, indicating potential for data to be processed in an unsafe manner.

Key Concerns

  • Dangerous function 'system' found
  • Low percentage of properly escaped output (7%)
  • Taint analysis shows unsanitized paths
  • No nonce checks implemented
  • No capability checks implemented
Vulnerabilities
None known

Hierarchical Documentation Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Hierarchical Documentation Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
2 prepared
Unescaped Output
43
3 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

systemsystem($command, $sql);app\config\bootstrap.php:117

SQL Query Safety

100% prepared2 total queries

Output Escaping

7% escaped46 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
preview_content (app\controllers\admin\admin_documentation_nodes_controller.php:75)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Hierarchical Documentation Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
filtermvc_before_public_urlapp\config\bootstrap.php:50
actionmvc_admin_initapp\config\bootstrap.php:71
actionmvc_public_initapp\config\bootstrap.php:85
filtermvc_page_titleapp\config\bootstrap.php:96
actionplugins_loadedapp\config\bootstrap.php:106
Maintenance & Trust

Hierarchical Documentation Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1
Last updatedMar 2, 2012
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Hierarchical Documentation Alternatives

Simple Footnotes

Simple Footnotes

simple-footnotes

A
85

Create simple, elegant footnotes on your site. Use the [ref] shortcode and the plugin takes care of the rest.

600 No CVEs
Shortcode Reference

Shortcode Reference

shortcode-reference

A
85

This plugin will provide a list and details about available shortcodes in your current installment. All when you need it most - when editing content.

100 No CVEs
WH Tweaks

WH Tweaks

wh-tweaks

A
99

Common functionality WordPress core should have but maybe shouldn't.

100 1 CVE
CitePress – Automatic Citation Generator

CitePress – Automatic Citation Generator

citepress-automatic-citation-generator

A
100

Generate and display a clean citation box for any WordPress post using customizable academic citation styles.

50 No CVEs
Shortcode Shortcode

Shortcode Shortcode

shortcode-shortcode

A
100

Provides a [shortcode] shortcode to allow you to show shortcode usage examples without the shortcodes being processed

30 No CVEs
Developer Profile

Hierarchical Documentation Developer Profile

tombenner

5 plugins · 70 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Hierarchical Documentation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hierarchical-documentation/nest_sortable.js/wp-content/plugins/hierarchical-documentation/preview_markdown.js/wp-content/plugins/hierarchical-documentation/edit_documentation.css/wp-content/plugins/hierarchical-documentation/public_documentation_tree.js/wp-content/plugins/hierarchical-documentation/public_documentation.css
Script Paths
/wp-content/plugins/hierarchical-documentation/nest_sortable.js/wp-content/plugins/hierarchical-documentation/preview_markdown.js/wp-content/plugins/hierarchical-documentation/public_documentation_tree.js
Version Parameters
hierarchical-documentation/nest_sortable.js?ver=hierarchical-documentation/preview_markdown.js?ver=hierarchical-documentation/edit_documentation.css?ver=hierarchical-documentation/public_documentation_tree.js?ver=hierarchical-documentation/public_documentation.css?ver=

HTML / DOM Fingerprints

CSS Classes
documentation-tree
Data Attributes
data-iddata-parent-iddata-depthdata-leftdata-right
JS Globals
mvc_js_urlcurrent_documentation_versionurl_documentation_version_namedisplayed_documentation_version
FAQ

Frequently Asked Questions about Hierarchical Documentation