Does Markdown Renderer for GitHub have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Markdown Renderer for GitHub compatible with WordPress 6.9.4?

According to WordPress.org data, Markdown Renderer for GitHub 2.7.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Markdown Renderer for GitHub compatible with PHP 8.1+?

Markdown Renderer for GitHub requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Markdown Renderer for GitHub updated?

Markdown Renderer for GitHub was last updated on Mar 12, 2026. Frequent updates are generally a positive security signal.

What is Markdown Renderer for GitHub's security score?

Markdown Renderer for GitHub has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Markdown Renderer for GitHub Security & Risk Analysis

wordpress.org/plugins/markdown-renderer-for-github

Transform your WordPress content with beautiful GitHub Flavored Markdown rendering, syntax highlighting, interactive diagrams, and Chart.js charts.

10 active installs v2.7.5 PHP 8.1+ WP 6.5+ Updated Mar 12, 2026

gfmgithubmarkdownmermaidsyntax-highlighting

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Markdown Renderer for GitHub Safe to Use in 2026?

Generally Safe

Score 100/100

Markdown Renderer for GitHub has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "markdown-renderer-for-github" plugin, version 2.7.5, exhibits a generally strong security posture, largely due to its robust use of security best practices. The plugin demonstrates excellent adherence to authentication and authorization checks, with all identified entry points (AJAX handlers, REST API routes, shortcodes, and cron events) being properly secured. The absence of any reported vulnerabilities in its history further strengthens this positive assessment. The code also shows a good level of output escaping and exclusively uses prepared statements for SQL queries, which are critical for preventing common web vulnerabilities.

Key Concerns

Use of preg_replace with /e modifier
92% of outputs properly escaped (8% not)

Vulnerabilities

None known

Markdown Renderer for GitHub Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Markdown Renderer for GitHub Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

Markdown Renderer for GitHub Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

226 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

preg_replace(/e)preg_replace( '/eincludes\class-gfmr-plantuml-handler.php:761

SQL Query Safety

100% prepared11 total queries

Output Escaping

92% escaped245 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<class-gfmr-settings> (includes\class-gfmr-settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Markdown Renderer for GitHub Attack Surface

Entry Points7

Unprotected0

AJAX Handlers 6

authwp_ajax_gfmr_save_mermaid_svgincludes\class-gfmr-mermaid-ssr-handler.php:44

authwp_ajax_gfmr_save_metadataincludes\class-gfmr-metadata-handler.php:49

authwp_ajax_gfmr_get_metadataincludes\class-gfmr-metadata-handler.php:50

authwp_ajax_gfmr_render_plantumlincludes\class-gfmr-plantuml-handler.php:203

noprivwp_ajax_gfmr_render_plantumlincludes\class-gfmr-plantuml-handler.php:204

authwp_ajax_gfmr_preview_themeincludes\class-gfmr-settings.php:104

Shortcodes 1

[gfmr_language_switcher] includes\class-gfmr-language-switcher.php:83

WordPress Hooks 48

actionwp_headincludes\class-gfmr-asset-manager.php:553

filterwp_kses_allowed_htmlincludes\class-gfmr-block-registry.php:43

filterthe_contentincludes\class-gfmr-chart-handler.php:81

filtergfmr_render_contentincludes\class-gfmr-chart-handler.php:82

actionplugins_loadedincludes\class-gfmr-extension-api.php:48

actionwp_body_openincludes\class-gfmr-language-switcher.php:86

actionwp_footerincludes\class-gfmr-language-switcher.php:87

actionwp_enqueue_scriptsincludes\class-gfmr-language-switcher.php:90

actionsave_postincludes\class-gfmr-metadata-handler.php:43

filtergfmr_renderer/before_process_contentincludes\class-gfmr-metadata-handler.php:46

actionadmin_enqueue_scriptsincludes\class-gfmr-metadata-handler.php:53

filtergfmr_feature_flagsincludes\class-gfmr-multilingual.php:75

actionwp_enqueue_scriptsincludes\class-gfmr-multilingual.php:78

actionenqueue_block_editor_assetsincludes\class-gfmr-multilingual.php:81

filtergfmr_frontend_configincludes\class-gfmr-multilingual.php:84

filtergfmr_frontend_configincludes\class-gfmr-multilingual.php:87

actionwp_headincludes\class-gfmr-multilingual.php:90

actionsave_postincludes\class-gfmr-plantuml-handler.php:206

actiongfmr_warm_plantuml_cacheincludes\class-gfmr-plantuml-handler.php:207

filtersafe_style_cssincludes\class-gfmr-plantuml-handler.php:652

actionplugins_loadedincludes\class-gfmr-renderer.php:144

actionwp_enqueue_scriptsincludes\class-gfmr-renderer.php:145

actioninitincludes\class-gfmr-renderer.php:146

actionenqueue_block_editor_assetsincludes\class-gfmr-renderer.php:148

actionenqueue_block_assetsincludes\class-gfmr-renderer.php:149

filterwp_kses_allowed_htmlincludes\class-gfmr-renderer.php:158

filterwp_kses_allowed_htmlincludes\class-gfmr-renderer.php:159

filterthe_contentincludes\class-gfmr-renderer.php:161

filterrender_blockincludes\class-gfmr-renderer.php:163

filterdocument_title_partsincludes\class-gfmr-renderer.php:164

actionsave_postincludes\class-gfmr-renderer.php:166

actionupdate_option_gfmr_theme_settingsincludes\class-gfmr-renderer.php:167

actionwp_headincludes\class-gfmr-schema-generator.php:81

actionsave_postincludes\class-gfmr-schema-generator.php:82

actionadmin_menuincludes\class-gfmr-settings.php:101

actionadmin_initincludes\class-gfmr-settings.php:102

filterwp_redirectincludes\class-gfmr-settings.php:103

actionadmin_enqueue_scriptsincludes\class-gfmr-settings.php:105

actioninitincludes\class-gfmr-url-rewriter.php:92

filterquery_varsincludes\class-gfmr-url-rewriter.php:95

actionwp_headincludes\class-gfmr-url-rewriter.php:98

actionwp_headincludes\class-gfmr-url-rewriter.php:101

actiontemplate_redirectincludes\class-gfmr-url-rewriter.php:104

filterrequestincludes\class-gfmr-url-rewriter.php:107

filterredirect_canonicalincludes\class-gfmr-url-rewriter.php:110

actionplugins_loadedmarkdown-renderer-for-github.php:45

actioninitmarkdown-renderer-for-github.php:108

actionupgrader_process_completemarkdown-renderer-for-github.php:122

Scheduled Events 1

gfmr_warm_plantuml_cache

Maintenance & Trust

Markdown Renderer for GitHub Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 12, 2026

PHP min version8.1

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Markdown Renderer for GitHub Alternatives

Documents from Git

documents-from-git

A plugin to inject and render files in a WordPress post or page directly from most popular Git platforms. Currently supported file types: Markdown, J …

200 No CVEs

Git it Write – Write posts from GitHub

git-it-write

Publish markdown files present in a GitHub repository as posts to WordPress automatically

100 No CVEs

Mytory Markdown

mytory-markdown

The plugin get markdown file URL like github raw content url. It convert markdown file to html, and put it to post content.

40 No CVEs

Github README

github-readme

Easily embed GitHub READMEs in pages/posts.

20 No CVEs

GitHub-Flavored Markdown Comments

github-flavored-markdown-comments

WordPress plugin to let commenters use (GitHub-flavored) Markdown, and turn it into HTML.

10 No CVEs

Developer Profile

Markdown Renderer for GitHub Developer Profile

wakalab

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Markdown Renderer for GitHub

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-language-detection.js/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-main.js/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-mermaid-lightbox.js/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-constants.js/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-plantuml-handler.js/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-code-highlighter.js/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-mermaid-renderer.js/wp-content/plugins/markdown-renderer-for-github/assets/css/gfmr-styles.css

Script Paths

Version Parameters

/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-language-detection.js?ver=/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-main.js?ver=/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-mermaid-lightbox.js?ver=/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-constants.js?ver=/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-plantuml-handler.js?ver=/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-code-highlighter.js?ver=/wp-content/plugins/markdown-renderer-for-github/assets/js/gfmr-mermaid-renderer.js?ver=/wp-content/plugins/markdown-renderer-for-github/assets/css/gfmr-styles.css?ver=

HTML / DOM Fingerprints

CSS Classes

gfmr-code-block

JS Globals

window.gfmrConfig

FAQ