PDF Poster – Display PDF Files with Custom Viewer Security & Risk Analysis

wordpress.org/plugins/pdf-poster

PDF Poster lets you embed PDF files in WordPress using a responsive viewer and block support, including full-screen, download, and print options.

20K active installs · v2.5.0 · PHP 7.1+ · WP 5.0+ · Updated Mar 4, 2026
Tags: embed-pdf, pdf, pdf-embedder, pdf-plugin, pdf-viewer
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: May 7, 2026
Safety Verdict

Is PDF Poster – Display PDF Files with Custom Viewer Safe to Use in 2026?

Generally Safe

Score 96/100

PDF Poster – Display PDF Files with Custom Viewer has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: May 7, 2026 · Updated 2mo ago
Risk Assessment

The 'pdf-poster' plugin v2.5.0 exhibits a mixed security posture. It demonstrates good practices in output escaping and avoids dangerous functions and file operations, but there are significant areas of concern. The unprotected AJAX handler is a critical entry point that attackers could exploit if it is not properly secured. In addition, none of the SQL queries use prepared statements, which significantly increases the risk of SQL injection. The plugin's vulnerability history includes a past medium-severity Cross-Site Scripting (XSS) vulnerability, indicating that input sanitization has been an issue, and the absence of any taint analysis data makes it difficult to assess the current risk of such flaws. Despite its strengths in output escaping, the unprotected AJAX handler and the complete absence of prepared statements are substantial weaknesses that warrant attention.

Key Concerns

  • Unprotected AJAX handler
  • SQL queries not using prepared statements
  • Past medium severity XSS vulnerability
Vulnerabilities
3 published

PDF Poster – Display PDF Files with Custom Viewer Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2026: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2026-27416 · medium · 5.3 · Missing Authorization

PDF Poster – Display PDF Files with Custom Viewer <= 2.4.1 - Missing Authorization

May 7, 2026 · Patched in 2.5.0 (5d)

CVE-2026-32416 · medium · 4.3 · Missing Authorization

PDF Poster <= 2.4.0 - Missing Authorization

Feb 25, 2026 · Patched in 2.4.1 (50d)

CVE-2024-23508 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PDF Poster - PDF Embedder Plugin for WordPress <= 2.1.17 - Reflected Cross-Site Scripting

Jan 24, 2024 · Patched in 2.1.18 (3d)
Code Analysis
Analyzed Mar 16, 2026

PDF Poster – Display PDF Files with Custom Viewer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (0 prepared)
Unescaped Output: 1 (42 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

0% prepared · 4 total queries

Output Escaping

98% escaped · 43 total outputs
Attack Surface
1 unprotected

PDF Poster – Display PDF Files with Custom Viewer Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_pdf_poster_ajax inc\Model\AjaxCall.php:20

Shortcodes 3

[pdf] inc\Base\Shortcodes.php:14
[raw_pdf] inc\Base\Shortcodes.php:15
[pdf_embed] inc\Base\Shortcodes.php:16
WordPress Hooks 34
action init blocks.php:18
action admin_enqueue_scripts inc\admin.php:10
action admin_menu inc\admin.php:11
action wp_enqueue_scripts inc\Api\DropboxApi.php:21
action admin_enqueue_scripts inc\Api\DropboxApi.php:22
filter script_loader_tag inc\Api\DropboxApi.php:23
action admin_footer inc\Api\DropboxApi.php:24
action admin_enqueue_scripts inc\Api\GoogleDriveApi.php:22
action admin_footer inc\Api\GoogleDriveApi.php:23
action wp_enqueue_scripts inc\Base\EnqueueAssets.php:14
action admin_enqueue_scripts inc\Base\EnqueueAssets.php:15
action wp_enqueue_media inc\Base\EnqueueAssets.php:18
action script_loader_tag inc\Base\EnqueueAssets.php:19
action init inc\Base\EnqueueAssets.php:20
filter admin_footer_text inc\Base\GlobalChanges.php:16
action init inc\Field\MetaBox.php:19
action init inc\Field\Settings.php:13
action admin_notices inc\Field\Settings.php:15
action init inc\PostType\PDFPoster.php:17
filter post_row_actions inc\PostType\PDFPoster.php:19
filter manage_pdfposter_posts_columns inc\PostType\PDFPoster.php:21
action manage_pdfposter_posts_custom_column inc\PostType\PDFPoster.php:22
filter post_updated_messages inc\PostType\PDFPoster.php:23
action admin_head-post.php inc\PostType\PDFPoster.php:25
action admin_head-post-new.php inc\PostType\PDFPoster.php:26
filter gettext inc\PostType\PDFPoster.php:27
filter filter_block_editor_meta_boxes inc\PostType\PDFPoster.php:29
action use_block_editor_for_post inc\PostType\PDFPoster.php:30
action edit_form_after_title inc\PostType\PDFPoster.php:33
action rest_api_init inc\Rest\getMeta.php:16
action media_buttons pdf-poster.php:75
action admin_init pdf-poster.php:82
action wp_head pdf-poster.php:91
action admin_footer pdf-poster.php:102
Maintenance & Trust

PDF Poster – Display PDF Files with Custom Viewer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.1
Downloads: 668K

Community Trust

Rating: 90/100
Number of ratings: 143
Active installs: 20K
Developer Profile

PDF Poster – Display PDF Files with Custom Viewer Developer Profile

colorlibplugins

121 plugins · 740K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 130 days
Detection Fingerprints

How We Detect PDF Poster – Display PDF Files with Custom Viewer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pdf-poster/build/dashboard.css
/wp-content/plugins/pdf-poster/build/dashboard.js
Script Paths
/wp-content/plugins/pdf-poster/build/dashboard.js
Version Parameters
pdf-poster/build/dashboard.css?ver=
pdf-poster/build/dashboard.js?ver=

HTML / DOM Fingerprints

CSS Classes
pdfp_insert_pdf_btn
Data Attributes
data-dir
JS Globals
pdfpDashboard, tokenClient, accessToken, pickerInited, gisInited