Parsedown Importer Security & Risk Analysis

wordpress.org/plugins/parsedown-importer

An unofficial Parsedown importer for translating Markdown files into WordPress posts/pages.

10 active installs · v1.0.8 · PHP + · WP 3.7+ · Updated Sep 12, 2017
Tags: admin, importer, pages, posts
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Parsedown Importer Safe to Use in 2026?

Generally Safe

Score 85/100

Parsedown Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The parsedown-importer plugin v1.0.8 exhibits a strong security posture based on the provided static analysis and vulnerability history. The code demonstrates adherence to good security practices, including the use of prepared statements for all SQL queries, proper output escaping, and the presence of nonce and capability checks. The limited attack surface, with only one unprotected AJAX handler and no REST API routes, shortcodes, or cron events, further enhances its security. The complete absence of known CVEs and a clean vulnerability history, with no recorded common vulnerability types, strongly suggests a well-maintained and secure codebase.

While the static analysis shows no critical or high-severity taint flows and a lack of dangerous functions, the presence of one AJAX handler without an explicit authentication check, as noted in the attack surface, is a minor area for potential concern. However, given that the total entry points are minimal and the vulnerability history is spotless, this is likely not a significant exploit vector. The plugin's strengths lie in its diligent implementation of core security checks and its minimal historical security incidents.

In conclusion, parsedown-importer v1.0.8 appears to be a very secure plugin. The developers have implemented essential security measures correctly. The only point of note is the single AJAX handler, for which the analysis would ideally detail an explicit authentication check. Nevertheless, the overall evidence points to a low-risk plugin.

Key Concerns

  • AJAX handler without explicit auth check
Vulnerabilities
None known

Parsedown Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Parsedown Importer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (2 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 2 total outputs
Attack Surface

Parsedown Importer Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_pdi_import · pdi.php:62

WordPress Hooks: 3

action · init · pdi.php:34
action · admin_menu · pdi.php:60
action · admin_enqueue_scripts · pdi.php:61
Maintenance & Trust

Parsedown Importer Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Sep 12, 2017
PHP min version
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Parsedown Importer Developer Profile

foresthoffman

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Parsedown Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/parsedown-importer/import-page.css
/wp-content/plugins/parsedown-importer/import-page.js
Script Paths
/wp-content/plugins/parsedown-importer/import-page.js
Version Parameters
parsedown-importer/import-page.css?ver=
parsedown-importer/import-page.js?ver=

HTML / DOM Fingerprints

CSS Classes
pdi-hidden, pdi-import-options, pdi-import-option-wrap, pdi-import-option-label, pdi-file-input-wrap, pdi-btn-wrap, pdi-btn-select, pdi-file-input, +2 more
Data Attributes
data-wp-nonce
JS Globals
PDI
REST Endpoints
/wp-json/pdi/v1/import
Shortcode Output
<div class='alert alert-danger pdi-hidden' role='alert'></div><div class='alert alert-success pdi-hidden' role='alert'></div><h1>Parsedown Import</h1><p>Import Markdown files (ending with <code>.md, .markdown, or .mdown</code>) and convert them directly into WordPress posts/pages.</p>