Does MetaParsedown have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is MetaParsedown compatible with WordPress 5.2.24?

According to WordPress.org data, MetaParsedown 1.0.0 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is MetaParsedown compatible with PHP 7.0+?

MetaParsedown requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MetaParsedown updated?

MetaParsedown was last updated on Nov 5, 2019. Frequent updates are generally a positive security signal.

What is MetaParsedown's security score?

MetaParsedown has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MetaParsedown Security & Risk Analysis

wordpress.org/plugins/metaparsedown

Import markdown and markdown-extra documents to Wordpress posts and pages, output as HTML, parse and save YAML front matter to post_meta, tags, and (o …

0 active installs v1.0.0 PHP 7.0+ WP 5.0+ Updated Nov 5, 2019

markdownmarkdown-extrametaparsedownparsedownparsedown-extra

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is MetaParsedown Safe to Use in 2026?

Generally Safe

Score 85/100

MetaParsedown has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "metaparsedown" v1.0.0 plugin exhibits a generally strong security posture with no known vulnerabilities and a robust approach to SQL queries and output escaping. The static analysis reveals a very small attack surface, with all identified entry points being protected. The absence of external HTTP requests and file operations also contributes positively to its security. However, a significant concern arises from the presence of the "unserialize" function, which, if used with untrusted input, can lead to serious security vulnerabilities such as remote code execution. Furthermore, the complete lack of nonce checks and capability checks across all identified entry points is a critical oversight. While the plugin has no recorded vulnerability history, this does not negate the inherent risks associated with using dangerous functions without proper validation and authorization mechanisms. The plugin's strengths lie in its limited attack surface and secure handling of common data interactions, but these are overshadowed by the potential dangers of unserialize and the absence of essential security controls.

Key Concerns

Dangerous function 'unserialize' found
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

MetaParsedown Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

MetaParsedown Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 17, 2026

MetaParsedown Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn unserialize(self::parseScalar(substr($scalar, 12)));Metaparsedown\Symfony\Component\Yaml\Inline.php:582

Output Escaping

100% escaped3 total outputs

Attack Surface

MetaParsedown Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[metaparsedown] Metaparsedown\MetaparsedownPlugin.php:55

WordPress Hooks 1

actionadmin_noticesMetaparsedown\MetaparsedownException.php:18

Maintenance & Trust

MetaParsedown Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedNov 5, 2019

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

MetaParsedown Alternatives

Markdown Shortcode

markdown-shortcode

Damn simple markdown for wordpress via shortcode, uses parsedown (parsedown.org) and highlight.js (highlightjs.org).

70 1 CVE

{eac}Doojigger Readme Extension for WordPress

eacreadme

100

{eac}Readme loads and translates a WordPress markdown 'readme' file providing shortcodes and embedding URLs to access header lines and section blocks.

0 No CVEs

Import Markdown – Versatile Markdown Importer

import-markdown

100

Import Markdown lets you easily generates posts based on Markdown files.

2K No CVEs

Markup Markdown

markup-markdown

Disable Wordpress's native Gutenberg or TinyMCE editor in favor of a Markdown editor.

2K 3 CVEs

Markdown Editor (Formerly Dark Mode)

dark-mode

Quickly edit content in your WordPress site by getting an immersive, peaceful and natural writing experience with the coolest editor.

1K 3 CVEs

Developer Profile

MetaParsedown Developer Profile

pagerange

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect MetaParsedown

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

metaparsedown

Shortcode Output

<div class="metaparsedown"> %s

FAQ