Does Markdown Webhook have any unpatched vulnerabilities?

No. All known vulnerabilities in Markdown Webhook have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Markdown Webhook compatible with WordPress 4.8.28?

According to WordPress.org data, Markdown Webhook 1.1 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

Is Markdown Webhook compatible with PHP 7.0+?

Markdown Webhook requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Markdown Webhook updated?

Markdown Webhook was last updated on Sep 30, 2017. Frequent updates are generally a positive security signal.

What is Markdown Webhook's security score?

Markdown Webhook has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Markdown Webhook Security & Risk Analysis

wordpress.org/plugins/md-webhook

Sync .md files to wp posts from webhook in github.com / bitbucket.com

0 active installs v1.1 PHP 7.0+ WP 4.0+ Updated Sep 30, 2017

markdownmdpostpostswebhook

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Markdown Webhook Safe to Use in 2026?

Generally Safe

Score 85/100

Markdown Webhook has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "md-webhook" v1.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by not exposing any AJAX handlers, REST API routes, shortcodes, or cron events directly to the attack surface. Furthermore, all SQL queries are confirmed to use prepared statements, and there are no recorded vulnerabilities or CVEs associated with this plugin, suggesting a history of responsible development and maintenance. The absence of dangerous functions and taint flows also contributes to a generally secure foundation.

However, significant concerns arise from the lack of proper output escaping, with only 11% of 18 total outputs being properly escaped. This leaves a substantial portion of output vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is involved in these unescaped outputs. Additionally, the complete absence of nonce checks and capability checks on any potential entry points, although currently limited in number, represents a critical oversight. If the attack surface were to expand or if the existing file operation or external HTTP request were to handle untrusted input, these missing checks could easily be exploited. The single file operation and external HTTP request also warrant careful scrutiny, as their implementation details are not provided but could pose risks if not handled securely.

Key Concerns

Insufficient output escaping
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Markdown Webhook Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Markdown Webhook Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

11% escaped18 total outputs

Attack Surface

Markdown Webhook Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

filterplugin_row_metaindex.php:24

filterthe_contentindex.php:26

filterquery_varsindex.php:27

filterpre_update_option_mdwh_passwordindex.php:28

filteroption_mdwh_passwordindex.php:29

actionwp_headindex.php:30

actionadmin_initindex.php:31

actionadmin_menuindex.php:32

actiontemplate_redirectindex.php:33

Maintenance & Trust

Markdown Webhook Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedSep 30, 2017

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Markdown Webhook Alternatives

Git it Write – Write posts from GitHub

git-it-write

Publish markdown files present in a GitHub repository as posts to WordPress automatically

100 No CVEs

Save Posts With Cmd+S

save-posts-with-cmds

Publish or update posts and pages using the Ctrl+S hotkey (cmd+s on Mac)

90 No CVEs

Simple Webhooks

simple-webhooks

Enhancing WordPress functionality by adding webhooks that trigger actions when posts, pages, or custom post types are updated.

20 No CVEs

Typewriter

typewriter

100

Typewriter replaces the Visual Editor with a simple Markdown editor for your posts and pages.

10 No CVEs

Gitdown: Git Repository to WordPress Blog Posts

gitdown

Use Gitdown to Publish Markdown Posts from a repository to your WordPress Blog.

0 No CVEs

Developer Profile

Markdown Webhook Developer Profile

czl

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Markdown Webhook

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/md-webhook/assets/tomorrow.min.css/wp-content/plugins/md-webhook/assets/highlight.min.js/wp-content/plugins/md-webhook/assets/markdown-it.min.js/wp-content/plugins/md-webhook/assets/md-webhook.js

Script Paths

Version Parameters

mdwh_highligthcss?ver=9.12.0mdwh_highlight?ver=9.12.0mdwh_markdown-it?ver=8.4.0mdwh_md-webhook?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes

md-webhook-content

HTML Comments

FAQ