Does MK Table of Contents have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is MK Table of Contents compatible with WordPress 4.8.28?

According to WordPress.org data, MK Table of Contents 2.2 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is MK Table of Contents updated?

MK Table of Contents was last updated on Aug 17, 2017. Frequent updates are generally a positive security signal.

What is MK Table of Contents's security score?

MK Table of Contents has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MK Table of Contents Security & Risk Analysis

wordpress.org/plugins/mk-table-of-contents

This Plugin adds a TOC to a post via the shortcode [toc].

0 active installs v2.2 PHP + WP 4.2+ Updated Aug 17, 2017

postpublishtable-of-contentstoc

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is MK Table of Contents Safe to Use in 2026?

Generally Safe

Score 85/100

MK Table of Contents has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The mk-table-of-contents plugin version 2.2 exhibits a generally good security posture based on the provided static analysis. The absence of known CVEs and the plugin's history of no recorded vulnerabilities are positive indicators. The code analysis shows a minimal attack surface with only one shortcode entry point, and notably, all SQL queries are properly prepared. File operations and external HTTP requests are also absent, reducing potential attack vectors. However, there are some areas for improvement. The lack of nonce checks on the shortcode, combined with only one capability check and a significant portion of output not being properly escaped (25%), presents potential risks. While taint analysis shows no critical or high severity issues, the unescaped output could be exploited in combination with other factors to lead to Cross-Site Scripting (XSS) vulnerabilities.

Key Concerns

Unescaped output found (25%)
No nonce checks on shortcode
Limited capability checks on entry point

Vulnerabilities

None known

MK Table of Contents Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

MK Table of Contents Release Timeline

v2.2Current

v2.1

v2.0

v1.1

v1.0

Code Analysis

Analyzed Apr 16, 2026

MK Table of Contents Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

Output Escaping

75% escaped12 total outputs

Attack Surface

MK Table of Contents Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[toc] php/mk-toc-shortcode.php:40

WordPress Hooks 9

actioninitmk-toc.php:30

actionwp_enqueue_scriptsmk-toc.php:36

actionplugins_loadedmk-toc.php:41

actionadmin_initphp/mk-toc-settings.php:61

actionadmin_menuphp/mk-toc-settings.php:117

actionadmin_enqueue_scriptsphp/mk-toc-tinymce-addon.php:12

filtermce_external_pluginsphp/mk-toc-tinymce-addon.php:22

filtermce_buttonsphp/mk-toc-tinymce-addon.php:23

actionadmin_headphp/mk-toc-tinymce-addon.php:25

Maintenance & Trust

MK Table of Contents Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedAug 17, 2017

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

MK Table of Contents Alternatives

Seo Friendly Table of Contents

seo-friendly-table-of-contents

A simple seo friendly table of contents plugin that does not require editing in your themes source code.

100 No CVEs

Promasterweb – Sommaire automatique

promasterweb-sommaire-automatique

100

Automatically generates a clean, SEO-friendly table of contents from H2 headings in your WordPress posts — zero configuration required.

0 No CVEs

Easy Table of Contents

easy-table-of-contents

Adds a user friendly and fully automatic way to create and display a table of contents generated from the page content.

600K 6 CVEs

Table of Contents Plus

table-of-contents-plus

A powerful yet user friendly plugin that automatically creates a table of contents. Can also output a sitemap listing all pages and categories.

200K 5 CVEs

LuckyWP Table of Contents

luckywp-table-of-contents

Creates SEO-friendly table of contents for your posts/pages. Works automatically or manually (via shortcode, Gutenberg block or widget).

100K 5 CVEs

Developer Profile

MK Table of Contents Developer Profile

mojo101

2 plugins · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect MK Table of Contents

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mk-table-of-contents/css/mk-toc.css/wp-content/plugins/mk-table-of-contents/js/mk-toc.js/wp-content/plugins/mk-table-of-contents/css/mk-toc-mce.css/wp-content/plugins/mk-table-of-contents/js/mk-toc-tinymce-button.js

Script Paths

/wp-content/plugins/mk-table-of-contents/js/mk-toc.js

Version Parameters

mk-table-of-contents/css/mk-toc.css?ver=mk-table-of-contents/js/mk-toc.js?ver=mk-table-of-contents/css/mk-toc-mce.css?ver=mk-table-of-contents/js/mk-toc-tinymce-button.js?ver=

HTML / DOM Fingerprints

CSS Classes

mk-tocmk-toc-navmk-toc-headingmk-toc-listmk-toc-anchor-link

Data Attributes

mk_toc_sc_button_key

JS Globals

mk_toc_jsvar

Shortcode Output

<nav class="mk-toc mk-toc-nav"><p class="mk-toc mk-toc-heading"><ul class="mk-toc mk-toc-list"><a href="#

FAQ