WP-Safety

HTMLPress Security & Risk Analysis

wordpress.org/plugins/htmlpress

Simple HTML snippets generator and use it with shortcode.

0 active installs v0.1.1 PHP + WP 4.4+ Updated Aug 8, 2023
html-codehtml-shortcodehtml-snippetshortcodessimple-html-snippets
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is HTMLPress Safe to Use in 2026?

Generally Safe

Score 85/100

HTMLPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "htmlpress" v0.1.1 plugin exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers. With 8 out of 10 entry points lacking authentication checks, this plugin presents a wide attack surface that could be exploited by unauthenticated users. While the code analysis indicates good practices in SQL query handling (100% prepared statements) and a high percentage of properly escaped output (88%), the absence of capability and nonce checks on these AJAX handlers is a critical oversight. The taint analysis revealed flows with unsanitized paths, though thankfully no critical or high-severity issues were identified. The complete lack of any recorded vulnerabilities in its history suggests either a short history or excellent past security, but this does not mitigate the immediate risks identified in the current code analysis. The plugin's reliance on the Select2 bundled library is a minor concern if it's not kept updated, but the primary risk stems from the exposed AJAX endpoints.

Key Concerns

  • 8 AJAX handlers without auth checks
  • 0 Nonce checks present
  • 0 Capability checks present
  • 2 Flows with unsanitized paths
  • Bundled library (Select2)
Vulnerabilities
None known

HTMLPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

HTMLPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
38 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

88% escaped43 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
download_zip (classes\class-ajax.php:146)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

HTMLPress Attack Surface

Entry Points10
Unprotected8

AJAX Handlers 8

authwp_ajax_htmlpress_save_moduleclasses\class-ajax.php:44
authwp_ajax_noprev_htmlpress_save_moduleclasses\class-ajax.php:45
authwp_ajax_htmlpress_duplicate_templateclasses\class-ajax.php:47
authwp_ajax_noprev_htmlpress_duplicate_templateclasses\class-ajax.php:48
authwp_ajax_htmlpress_template_thumbnail_generatorclasses\class-ajax.php:50
authwp_ajax_noprev_htmlpress_template_thumbnail_generatorclasses\class-ajax.php:51
authwp_ajax_htmlpress_downloadclasses\class-ajax.php:56
authwp_ajax_noprev_htmlpress_downloadclasses\class-ajax.php:57

Shortcodes 2

[htmlpress] classes\class-shortcodes.php:38
[htmlpress-user] classes\class-shortcodes.php:39
WordPress Hooks 7
actioninitclasses\class-post-type.php:40
actioninitclasses\class-post-type.php:41
actionrest_api_initclasses\class-post-type.php:42
actioninitclasses\class-render.php:38
actionwp_enqueue_scriptsclasses\class-render.php:54
filtertemplate_includeclasses\class-render.php:55
actionhtmlpress_module_builderclasses\class-render.php:56
Maintenance & Trust

HTMLPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedAug 8, 2023
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

HTMLPress Alternatives

OS HTML5 Shortcodes

OS HTML5 Shortcodes

os-html5-shortcodes

A
85

Using shortcodes you can easily add HTML codes such as ad codes, javascript, video embedding, etc in your pages, posts or custom posts.

10 No CVEs
Column Shortcodes

Column Shortcodes

column-shortcodes

A
85

Adds shortcodes to easily create columns in your posts or pages.

60K No CVEs
Apollo13 Framework Extensions

Apollo13 Framework Extensions

apollo13-framework-extensions

A
95

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs
Futurio Extra

Futurio Extra

futurio-extra

A
96

Futurio Extra add extra features to Futurio theme like widgets, WooCommerce options, Elementor widgets, one click demo import and much more.

20K 7 CVEs
ND Shortcodes

ND Shortcodes

nd-shortcodes

A
89

The plugin adds some useful components to your page builder ( Elementor or WP Bakery Page Builder ). All components are full responsive and retina rea …

20K 5 CVEs
Developer Profile

HTMLPress Developer Profile

surror

5 plugins · 4K total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect HTMLPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/htmlpress/assets/css/htmlpress.css/wp-content/plugins/htmlpress/assets/js/htmlpress.js/wp-content/plugins/htmlpress/assets/js/module.js
Script Paths
/wp-content/plugins/htmlpress/assets/js/htmlpress.js/wp-content/plugins/htmlpress/assets/js/module.js
Version Parameters
htmlpress/assets/css/htmlpress.css?ver=htmlpress/assets/js/htmlpress.js?ver=htmlpress/assets/js/module.js?ver=

HTML / DOM Fingerprints

CSS Classes
htmlpress-wp-scriptshtmlpress-wp-styles
Data Attributes
data-module-id
JS Globals
HTMLPress_VER
FAQ

Frequently Asked Questions about HTMLPress