Katalogportal-pdf-sync Widget Security & Risk Analysis

wordpress.org/plugins/katalogportal-pdf-sync

Automatically convert your uploaded pdf into media to flipbook and insert them as widget and shortcode

10 active installs · v1.0.0 · PHP · WP 4.0+ · Updated Mar 23, 2018

Tags: e-magazine, e-paper, katalogportal

Score: 63
Grade: C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Apr 14, 2026
Safety Verdict

Is Katalogportal-pdf-sync Widget Safe to Use in 2026?

Use With Caution

Score 63/100

Katalogportal-pdf-sync Widget has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Apr 14, 2026 · Updated 8yr ago
Risk Assessment

The "katalogportal-pdf-sync" v1.0.0 plugin presents a mixed security posture. While it demonstrates some good security practices, such as using prepared statements for all SQL queries and including nonce checks, several significant concerns exist. The plugin has a total of one entry point, an AJAX handler, which notably lacks authentication checks. This creates a direct pathway for unauthenticated attackers to interact with the plugin's functionality.

Furthermore, the plugin has a history of known vulnerabilities, with one medium severity CVE currently unpatched. This past vulnerability type, "Missing Authorization," aligns with the static analysis findings, highlighting a recurring issue in how access control is implemented. The lack of any analyzed taint flows is a neutral observation, as it doesn't indicate an immediate risk but also doesn't provide assurance of safety in that area.

In conclusion, the plugin's security is compromised by a critical lack of authorization on its sole AJAX entry point and a known, unpatched medium severity vulnerability. While the use of prepared statements and nonce checks is positive, these are overshadowed by the potential for unauthorized access and the history of security flaws. Users should proceed with extreme caution and consider disabling the plugin until these issues are addressed.

Key Concerns

  • Unprotected AJAX handler
  • Unpatched CVE (medium severity)
  • Vulnerability history indicates auth issues
  • Moderate percentage of unescaped output
Vulnerabilities (1)

Katalogportal-pdf-sync Widget Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2026-3649 · medium · 5.3 · Missing Authorization

Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action

Apr 14, 2026 · Unpatched
Version History

Katalogportal-pdf-sync Widget Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Katalogportal-pdf-sync Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 22 (36 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

62% escaped · 58 total outputs
Attack Surface (1 unprotected)

Katalogportal-pdf-sync Widget Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_katalogportal_shortcodePrinter · inc/class.admin.php:12

WordPress Hooks: 15

action · admin_enqueue_scripts · Katalogportal-widget.php:164
action · widgets_init · Katalogportal-widget.php:170
filter · attachment_fields_to_edit · inc/class.admin.php:5
filter · add_attachment · inc/class.admin.php:6
action · admin_menu · inc/class.admin.php:8
action · admin_init · inc/class.admin.php:9
action · admin_init · inc/class.admin.php:11
action · delete_attachment · inc/class.admin.php:14
filter · manage_media_columns · inc/class.admin.php:16
action · manage_media_custom_column · inc/class.admin.php:17
filter · mce_external_plugins · inc/class.admin.php:311
filter · mce_buttons · inc/class.admin.php:312
action · plugins_loaded · katalogportal-pdf-sync.php:55
action · wp_footer · katalogportal-pdf-sync.php:69
action · admin_enqueue_scripts · katalogportal-pdf-sync.php:76
Maintenance & Trust

Katalogportal-pdf-sync Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Mar 23, 2018
PHP min version: (not specified)
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Alternatives

Katalogportal-pdf-sync Widget Alternatives

No alternatives data available yet.

Developer Profile

Katalogportal-pdf-sync Widget Developer Profile

colbeinformatik

2 plugins · 20 total installs

Trust score: 76
Avg Security Score: 74/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Katalogportal-pdf-sync Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/katalogportal-pdf-sync/css/admin.css
/wp-content/plugins/katalogportal-pdf-sync/js/adminKW.js
Version Parameters
katalogportal-katalog-widget-admin?ver=
katalogportal-katalog-widget-admin?ver=

HTML / DOM Fingerprints

CSS Classes
katalogportal-preview-wrap
Data Attributes
data-uploader_title
data-uploader_button_text
Shortcode Output
<div style="clear:both;"></div><div style="float:left; display: block; margin-right: 10px; width: 120px; text-align: center;"><a class="iframe first last item" href="http://www.katalogportal.ch/book.aspx?id=<img src="" alt="" title="
FAQ

Frequently Asked Questions about Katalogportal-pdf-sync Widget