Does Markdown on Save have any unpatched vulnerabilities?

No. All known vulnerabilities in Markdown on Save have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Markdown on Save compatible with WordPress 6.5.8?

According to WordPress.org data, Markdown on Save 1.3.1 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

How often is Markdown on Save updated?

Markdown on Save was last updated on May 4, 2024. Frequent updates are generally a positive security signal.

What is Markdown on Save's security score?

Markdown on Save has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Markdown on Save Security & Risk Analysis

wordpress.org/plugins/markdown-on-save

Allows you to compose content in Markdown on a per-item basis. The markdown version is stored separately, so you can deactivate this plugin any time.

70 active installs v1.3.1 PHP + WP 6.0+ Updated May 4, 2024

formattingmarkdown

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Markdown on Save Safe to Use in 2026?

Generally Safe

Score 92/100

Markdown on Save has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "markdown-on-save" v1.3.1 plugin demonstrates a generally good security posture with no reported vulnerabilities and a minimal attack surface. The static analysis shows a complete lack of common entry points like AJAX handlers, REST API routes, shortcodes, and cron events. Furthermore, the code signals indicate sound practices, with no dangerous functions, all SQL queries using prepared statements, and a single nonce check present. This suggests a well-developed and security-conscious approach to its creation.

However, the static analysis does reveal a potential area of concern: only 50% of output is properly escaped, with 4 total outputs analyzed. This means that half of the plugin's output could be vulnerable to cross-site scripting (XSS) if the data being output is not inherently safe. While there are no reported vulnerabilities or taint flows in the history or analysis, this unescaped output represents a tangible, albeit potentially minor, risk that should be addressed to achieve a more robust security profile. The absence of capability checks and the limited number of outputs analyzed mean that the full scope of potential output vulnerabilities might not be fully captured.

Key Concerns

Half of outputs are not properly escaped

Vulnerabilities

None known

Markdown on Save Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Markdown on Save Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

50% escaped4 total outputs

Attack Surface

Markdown on Save Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 18

actioninitmarkdown-on-save.php:28

filterwp_insert_post_datamarkdown-on-save.php:33

actionpost_submitbox_misc_actionsmarkdown-on-save.php:35

filteredit_post_contentmarkdown-on-save.php:36

filteredit_post_content_filteredmarkdown-on-save.php:37

actionload-post.phpmarkdown-on-save.php:38

actionload-post.phpmarkdown-on-save.php:39

actionload-post-new.phpmarkdown-on-save.php:40

actionxmlrpc_callmarkdown-on-save.php:41

actioninitmarkdown-on-save.php:42

actionset_current_usermarkdown-on-save.php:43

actionwp_insert_postmarkdown-on-save.php:44

actionwp_restore_post_revisionmarkdown-on-save.php:45

filter_wp_post_revision_fieldsmarkdown-on-save.php:46

actionparse_querymarkdown-on-save.php:61

actionparse_querymarkdown-on-save.php:65

actionthe_postsmarkdown-on-save.php:91

filteruser_can_richeditmarkdown-on-save.php:111

Maintenance & Trust

Markdown on Save Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedMay 4, 2024

PHP min version

Downloads13K

Community Trust

Rating100/100

Number of ratings2

Active installs70

Alternatives

Markdown on Save Alternatives

WP-Markdown

wp-markdown

Allows Markdown to be enabled in posts, comments and bbPress forums.

400 No CVEs

Parsedown for WordPress

parsedown-wp

This plugin processes your posts and comments using the Parsedown library. It is a direct replacement for PHP Markdown Extra by Michel Fortin.

60 No CVEs

Simple Markdown

simple-markdown

100

Simple and fast plugin to render markdown with a custom Gutenberg block. Professional code beautification and copy functionality included.

60 No CVEs

MarkdownBar

markdownbar

Adds a toolbar of buttons to the Text (HTML) edit which generate Markdown syntax

10 No CVEs

Advanced Editor Tools

tinymce-advanced

100

Extends and enhances the block editor (Gutenberg) and the classic editor (TinyMCE).

2.0M 1 CVE

Developer Profile

Markdown on Save Developer Profile

Mark Jaquith

29 plugins · 176K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

3337 days

View full developer profile

Detection Fingerprints

How We Detect Markdown on Save

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/markdown-on-save/js/markdown-on-save.js

Script Paths

/wp-content/plugins/markdown-on-save/js/markdown-on-save.js

Version Parameters

markdown-on-save/js/markdown-on-save.js?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-cws-markdown-noncedata-cws-markdown-nonce-fielddata-cws-markdown-editor

JS Globals

CWS_Markdown_Editor

FAQ