WP-Safety

Hoo Docx Document File Importer Security & Risk Analysis

wordpress.org/plugins/hoo-document-importer

Hoo Docx Document File Importer converts the content of the docx file into HTML and inserts it into the posts and pages editor.

200 active installs v1.0.2 PHP 7.0+ WP 5.3+ Updated Sep 21, 2022
docxformattingimport-documentimport-docximport-word
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Hoo Docx Document File Importer Safe to Use in 2026?

Generally Safe

Score 85/100

Hoo Docx Document File Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "hoo-document-importer" v1.0.2 plugin exhibits a mixed security posture. While it benefits from a lack of known vulnerabilities and no use of dangerous functions, there are significant concerns arising from its attack surface and code analysis. The presence of an unprotected AJAX handler is a critical weakness, providing a direct entry point for potential attackers. Furthermore, the taint analysis reveals two flows with unsanitized paths, suggesting that user-supplied data might not be adequately validated or cleaned before being processed, which could lead to various injection attacks if exploited.

Despite the absence of historical CVEs, which is a positive indicator of past security diligence, the current static analysis findings present tangible risks. The limited output escaping also raises concerns, as it could leave the plugin vulnerable to cross-site scripting (XSS) attacks. The lack of nonce and capability checks on the identified AJAX handler is particularly worrisome, as it bypasses fundamental WordPress security mechanisms. In conclusion, while the plugin has a clean vulnerability history, the current analysis highlights critical areas for improvement in its access control and input sanitization to bolster its security.

Key Concerns

  • AJAX handler without authentication check
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • No nonce checks on AJAX
  • No capability checks on AJAX
Vulnerabilities
None known

Hoo Docx Document File Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Hoo Docx Document File Importer Release Timeline

v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Hoo Docx Document File Importer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
4
External Requests
0
Bundled Libraries
0

Output Escaping

33% escaped3 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
callback (classes\Doc2HtmlAjax.php:13)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Hoo Docx Document File Importer Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_hoodoc_to_htmlclasses\Doc2HtmlAjax.php:9
WordPress Hooks 7
actionadmin_initclasses\AdminSettingsUI.php:8
actionadmin_menuclasses\AdminSettingsUI.php:9
filterhoodoc_converted_htmlclasses\Doc2HtmlAjax.php:10
actioninitclasses\ImporterButton.php:8
actionadmin_enqueue_scriptsclasses\ImporterButton.php:9
actionmedia_buttonsclasses\ImporterButton.php:10
actionenqueue_block_editor_assetsclasses\ImporterButton.php:11
Maintenance & Trust

Hoo Docx Document File Importer Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedSep 21, 2022
PHP min version7.0
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs200
Alternatives

Hoo Docx Document File Importer Alternatives

SmartDoc to Post Importer

SmartDoc to Post Importer

smartdoc-to-post-importer

A
100

Import Word documents into WordPress while preserving links, lists, formatting, images, tables, and more.

200 No CVEs
Advanced Editor Tools

Advanced Editor Tools

tinymce-advanced

A
100

Extends and enhances the block editor (Gutenberg) and the classic editor (TinyMCE).

2.0M 1 CVE
Advanced Excerpt

Advanced Excerpt

advanced-excerpt

A
85

Control the appearance of WordPress post excerpts

80K No CVEs
Mammoth .docx converter

Mammoth .docx converter

mammoth-docx-converter

A
100

Mammoth converts semantically marked up .docx documents to simple and clean HTML, allowing pasting from Word and Google Docs without the usual mess.

30K No CVEs
Advanced Image Styles

Advanced Image Styles

advanced-image-styles

A
85

Adjust an image's margins and border with ease in the Visual editor.

10K No CVEs
Developer Profile

Hoo Docx Document File Importer Developer Profile

HooThemes

6 plugins · 560 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Hoo Docx Document File Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hoo-document-importer/assets/js/importer.js/wp-content/plugins/hoo-document-importer/assets/js/block-editor.js/wp-content/plugins/hoo-document-importer/assets/css/block-editor.css
Script Paths
assets/js/importer.jsassets/js/block-editor.js
Version Parameters
hoo-document-importer/assets/js/importer.js?ver=hoo-document-importer/assets/js/block-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
dashicons-editor-paste-word
Data Attributes
id="hoodoc_words_import_meta_box_popup"id="hoodoc_words_import_meta_box_in_progress"
JS Globals
window.hoodocwindow.HDIBlockEditorL10nwindow.HDIBlockEditorConfig
FAQ

Frequently Asked Questions about Hoo Docx Document File Importer