Does MPL-Publisher — Ebook & Audiobook Creator have any unpatched vulnerabilities?

No. All known vulnerabilities in MPL-Publisher — Ebook & Audiobook Creator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MPL-Publisher — Ebook & Audiobook Creator compatible with WordPress 6.9.4?

According to WordPress.org data, MPL-Publisher — Ebook & Audiobook Creator 2.22.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MPL-Publisher — Ebook & Audiobook Creator compatible with PHP 7.4+?

MPL-Publisher — Ebook & Audiobook Creator requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MPL-Publisher — Ebook & Audiobook Creator updated?

MPL-Publisher — Ebook & Audiobook Creator was last updated on Jan 21, 2026. Frequent updates are generally a positive security signal.

What is MPL-Publisher — Ebook & Audiobook Creator's security score?

MPL-Publisher — Ebook & Audiobook Creator has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MPL-Publisher — Ebook & Audiobook Creator Security & Risk Analysis

wordpress.org/plugins/mpl-publisher

MPL-Publisher 📚 creates an ebook, print-ready PDF book, EPUB for KDP, Flipbook, or Audiobook MP3 converting your WordPress posts.

800 active installs v2.22.0 PHP 7.4+ WP 5.0+ Updated Jan 21, 2026

audiobookdocxebookepubkindle

A · Safe

CVEs total3

Unpatched0

Last CVEApr 22, 2025

Plugin page Download

Safety Verdict

Is MPL-Publisher — Ebook & Audiobook Creator Safe to Use in 2026?

Generally Safe

Score 97/100

MPL-Publisher — Ebook & Audiobook Creator has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Apr 22, 2025Updated 2mo ago

Risk Assessment

The "mpl-publisher" v2.22.0 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices with 100% of its SQL queries using prepared statements and a relatively high percentage of output being properly escaped. It also incorporates nonce and capability checks, which are essential for WordPress security.

However, a significant concern arises from the presence of an unprotected AJAX handler, representing a direct attack surface without authentication. While no critical or high severity taint flows were identified in the static analysis, the existence of an unprotected entry point remains a risk. The vulnerability history, though currently showing no unpatched CVEs, reveals a past pattern of three medium severity vulnerabilities, predominantly Cross-site Scripting (XSS) issues. This suggests a potential for input validation and output sanitization weaknesses that have required attention in the past, even if seemingly resolved in this version. The last vulnerability being in April 2025 also indicates the analysis might be based on future data, which should be noted.

In conclusion, while the current version of "mpl-publisher" shows improvement in secure coding practices like prepared statements and escaping, the unprotected AJAX handler is a critical vulnerability that needs immediate attention. The historical pattern of XSS vulnerabilities also warrants continued vigilance and thorough testing to ensure these issues do not resurface. Overall, the plugin has strengths but harbors a notable weakness in its attack surface.

Key Concerns

Unprotected AJAX handler
Medium severity CVEs in history
Unsanitized output (20% not escaped)

Vulnerabilities

MPL-Publisher — Ebook & Audiobook Creator Security Vulnerabilities

CVEs by Year

2 CVEs in 2021

2021

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2025-46226medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MPL-Publisher <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 22, 2025 Patched in 2.18.1 (9d)

CVE-2021-39343medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MPL-Publisher <= 1.30.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 15, 2021 Patched in 1.30.3 (829d)

WF-1ae01053-e6cd-4ddf-9e2a-4658cdb60f8e-mpl-publishermedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PHPRelativePath Library - Various Plugins (Various Versions) - Reflected Cross-Site Scripting

Aug 25, 2021 Patched in 1.29.2 (881d)

Code Analysis

Analyzed Mar 16, 2026

MPL-Publisher — Ebook & Audiobook Creator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

143 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

jQueryGuzzle

Output Escaping

80% escaped179 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

save_publisher_screen_options (mpl-publisher.php:260)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

MPL-Publisher — Ebook & Audiobook Creator Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_mpl_duplicate_postmpl-publisher.php:83

Shortcodes 1

[mpl] mpl-publisher.php:164

WordPress Hooks 12

actioninitmpl-publisher.php:30

actionadmin_menumpl-publisher.php:53

actionadmin_post_publish_ebookmpl-publisher.php:77

actionwp_loadedmpl-publisher.php:89

actionadmin_enqueue_scriptsmpl-publisher.php:100

actionwp_enqueue_scriptsmpl-publisher.php:134

actionadd_meta_boxesmpl-publisher.php:139

actionwidgets_initmpl-publisher.php:151

filteradmin_footer_textmpl-publisher.php:171

filteret_builder_should_load_frameworkmpl-publisher.php:201

filterscreen_settingsmpl-publisher.php:212

actionadmin_initmpl-publisher.php:258

Maintenance & Trust

MPL-Publisher — Ebook & Audiobook Creator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 21, 2026

PHP min version7.4

Downloads46K

Community Trust

Rating98/100

Number of ratings42

Active installs800

Alternatives

MPL-Publisher — Ebook & Audiobook Creator Alternatives

dotEPUB, a push-button cloud-based e-book maker

dotepub

The dotEPUB plugin automatically adds a "Download as an e-book" button or link to your blog posts.

10 No CVEs

Post 2 epub

post-2-epub

Permite crear archivos en formato epub con las entradas publicadas en el sitio. Allows you to create epub format with the entries posted on the site.

10 No CVEs

Allow ePUB and MOBI formats upload

allow-epub-and-mobi-formats-upload

WordPress does not allow upload ePUB and MOBI formats.

3K No CVEs

Simple Ebook Viewer

simple-ebook-viewer

100

Embed and display Ebooks in your website.

300 No CVEs

wp2epub

wp2epub generate ePub files directly from WordPress.

60 No CVEs

Developer Profile

MPL-Publisher — Ebook & Audiobook Creator Developer Profile

ferranfg

1 plugin · 800 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

573 days

View full developer profile

Detection Fingerprints

How We Detect MPL-Publisher — Ebook & Audiobook Creator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mpl-publisher/assets/css/chosen.min.css/wp-content/plugins/mpl-publisher/assets/css/introjs.min.css/wp-content/plugins/mpl-publisher/assets/css/mpl-publisher.css/wp-content/plugins/mpl-publisher/assets/css/mpl-widget.css/wp-content/plugins/mpl-publisher/assets/css/tui-color-picker.min.css/wp-content/plugins/mpl-publisher/assets/css/tui-image-editor.min.css/wp-content/plugins/mpl-publisher/assets/js/bootstrap.js/wp-content/plugins/mpl-publisher/assets/js/chosen.jquery.min.js+9 more

Script Paths

https://cdn.jsdelivr.net/npm/@twemoji/api@latest/dist/twemoji.min.js

Version Parameters

mpl-publisher/style.css?mpl=mpl-publisher/script.js?mpl=

HTML / DOM Fingerprints

CSS Classes

mpl

Data Attributes

data-mpl-publisher

Shortcode Output

[mpl]

FAQ