PDF Poster – Display PDF Files with Custom Viewer Security & Risk Analysis

wordpress.org/plugins/pdf-poster

PDF Poster lets you embed PDF files in WordPress using a responsive viewer and block support, including full-screen, download, and print options.

20K active installs v2.5.0 PHP 7.1+ WP 5.0+ Updated Mar 4, 2026
Tags: embed-pdf, pdf, pdf-embedder, pdf-plugin, pdf-viewer
Score: 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 24, 2024
Safety Verdict

Is PDF Poster – Display PDF Files with Custom Viewer Safe to Use in 2026?

Generally Safe

Score 100/100

PDF Poster – Display PDF Files with Custom Viewer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 24, 2024 · Updated 1mo ago
Risk Assessment

The 'pdf-poster' plugin v2.5.0 exhibits a mixed security posture. It demonstrates good practices in output escaping and avoids dangerous functions and file operations, but there are significant areas of concern. The unprotected AJAX handler is a critical entry point that attackers could exploit if it is not properly secured. In addition, none of the plugin's SQL queries use prepared statements, which significantly increases the risk of SQL injection vulnerabilities. The plugin's vulnerability history includes a past medium-severity Cross-Site Scripting (XSS) vulnerability, indicating that input sanitization has been an issue, and the absence of any taint analysis data makes it difficult to assess the current risk of such flaws. Despite the plugin's strengths in output escaping, the unprotected AJAX handler and the complete lack of prepared statements are substantial weaknesses that warrant attention.

Key Concerns

  • Unprotected AJAX handler
  • SQL queries not using prepared statements
  • Past medium severity XSS vulnerability
Vulnerabilities
1

PDF Poster – Display PDF Files with Custom Viewer Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-23508 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF Poster - PDF Embedder Plugin for WordPress <= 2.1.17 - Reflected Cross-Site Scripting

Jan 24, 2024 Patched in 2.1.18 (3d)
Code Analysis
Analyzed Mar 16, 2026

PDF Poster – Display PDF Files with Custom Viewer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (0 prepared)
Unescaped Output: 1 (42 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

0% prepared · 4 total queries

Output Escaping

98% escaped · 43 total outputs
Attack Surface
1 unprotected

PDF Poster – Display PDF Files with Custom Viewer Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_pdf_poster_ajax inc\Model\AjaxCall.php:20

Shortcodes 3

[pdf] inc\Base\Shortcodes.php:14
[raw_pdf] inc\Base\Shortcodes.php:15
[pdf_embed] inc\Base\Shortcodes.php:16
WordPress Hooks 34
action init blocks.php:18
action admin_enqueue_scripts inc\admin.php:10
action admin_menu inc\admin.php:11
action wp_enqueue_scripts inc\Api\DropboxApi.php:21
action admin_enqueue_scripts inc\Api\DropboxApi.php:22
filter script_loader_tag inc\Api\DropboxApi.php:23
action admin_footer inc\Api\DropboxApi.php:24
action admin_enqueue_scripts inc\Api\GoogleDriveApi.php:22
action admin_footer inc\Api\GoogleDriveApi.php:23
action wp_enqueue_scripts inc\Base\EnqueueAssets.php:14
action admin_enqueue_scripts inc\Base\EnqueueAssets.php:15
action wp_enqueue_media inc\Base\EnqueueAssets.php:18
action script_loader_tag inc\Base\EnqueueAssets.php:19
action init inc\Base\EnqueueAssets.php:20
filter admin_footer_text inc\Base\GlobalChanges.php:16
action init inc\Field\MetaBox.php:19
action init inc\Field\Settings.php:13
action admin_notices inc\Field\Settings.php:15
action init inc\PostType\PDFPoster.php:17
filter post_row_actions inc\PostType\PDFPoster.php:19
filter manage_pdfposter_posts_columns inc\PostType\PDFPoster.php:21
action manage_pdfposter_posts_custom_column inc\PostType\PDFPoster.php:22
filter post_updated_messages inc\PostType\PDFPoster.php:23
action admin_head-post.php inc\PostType\PDFPoster.php:25
action admin_head-post-new.php inc\PostType\PDFPoster.php:26
filter gettext inc\PostType\PDFPoster.php:27
filter filter_block_editor_meta_boxes inc\PostType\PDFPoster.php:29
action use_block_editor_for_post inc\PostType\PDFPoster.php:30
action edit_form_after_title inc\PostType\PDFPoster.php:33
action rest_api_init inc\Rest\getMeta.php:16
action media_buttons pdf-poster.php:75
action admin_init pdf-poster.php:82
action wp_head pdf-poster.php:91
action admin_footer pdf-poster.php:102
Maintenance & Trust

PDF Poster – Display PDF Files with Custom Viewer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.1
Downloads: 662K

Community Trust

Rating: 90/100
Number of ratings: 143
Active installs: 20K
Developer Profile

PDF Poster – Display PDF Files with Custom Viewer Developer Profile

colorlibplugins

120 plugins · 738K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 140 days
Detection Fingerprints

How We Detect PDF Poster – Display PDF Files with Custom Viewer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pdf-poster/build/dashboard.css
/wp-content/plugins/pdf-poster/build/dashboard.js
Script Paths
/wp-content/plugins/pdf-poster/build/dashboard.js
Version Parameters
pdf-poster/build/dashboard.css?ver=
pdf-poster/build/dashboard.js?ver=

HTML / DOM Fingerprints

CSS Classes
pdfp_insert_pdf_btn
Data Attributes
data-dir
JS Globals
pdfpDashboard
tokenClient
accessToken
pickerInited
gisInited
FAQ

Frequently Asked Questions about PDF Poster – Display PDF Files with Custom Viewer