PDF 2 Post Security & Risk Analysis

wordpress.org/plugins/pdf2post

Bulk convert PDF documents to posts (imports all text and images - and attach images automatically to newly created posts).

100 active installs · v2.4.0 · PHP (no minimum listed) · WP 4.0+ · Updated Jul 7, 2020
Tags: 2, bulk, pdf, post, to

Security score: 61/100 (grade C · Use Caution)
CVEs total: 1 · Unpatched: 1 · Last CVE: Apr 15, 2025

Is PDF 2 Post Safe to Use in 2026?

Verdict: Use With Caution (score 61/100)

PDF 2 Post has 1 unpatched vulnerability (CVE-2025-32583, high severity, authenticated remote code execution) and the plugin has not been updated since Jul 7, 2020, so a fix from the author is unlikely. Evaluate alternatives or apply mitigations such as restricting the upload form to trusted, high-privilege users, or remove the plugin if bulk PDF import is not in active use.

1 known CVE · 1 unpatched · Last CVE: Apr 15, 2025 · Plugin last updated 5 years ago
Risk Assessment

The pdf2post plugin v2.4.0 presents a mixed security posture. It issues no raw SQL queries, makes no external requests and bundles no third-party libraries, and its only front-end entry point is the [pdf2post_demo] shortcode, so the direct attack surface is small. The static analysis and the vulnerability history, however, raise serious concerns. The plugin calls the dangerous function exec() nine times, and both data flows identified from the upload handler (handle_pdf, pdf2post.php:472) reach a dangerous sink along an unsanitized path; user-controlled input reaching a shell command without sanitization is the classic precondition for command injection. Only 9% of output is escaped (3 of 33 outputs), so untrusted data can also be echoed directly into responses. The plugin's single nonce check is its only gate: there are no capability checks, so nothing restricts which authenticated users may submit the conversion form, which is consistent with the Subscriber+ requirement in the CVE title. That CVE, CVE-2025-32583 (high, 8.8, 'Improper Control of Generation of Code ('Code Injection')', authenticated remote code execution), remains unpatched, and with the last release in July 2020 there is no sign a fix is coming. Taken together, exec() reachable from unsanitized input, missing authorization and an unaddressed RCE point to a persistent and serious weakness in the plugin's development and maintenance.

Key Concerns

  • Unpatched high-severity CVE (CVE-2025-32583, CVSS 8.8) in a plugin unmaintained since 2020
  • Both identified data flows reach a dangerous sink along an unsanitized path
  • Nine calls to the dangerous function exec()
  • Only 9% of output escaped (3 of 33 outputs)
  • No capability checks on entry points (a single nonce check is the only gate)

PDF 2 Post Security Vulnerabilities

CVEs by Year

2025: 1 CVE (unpatched)

Severity Breakdown

High: 1 (1 total CVE)

CVE-2025-32583 · High · CVSS 8.8 · Improper Control of Generation of Code ('Code Injection') (CWE-94)

PDF 2 Post <= 2.4.0 - Authenticated (Subscriber+) Remote Code Execution

Apr 15, 2025 · Unpatched. Since 2.4.0 is the latest release, no fixed version exists and every installed copy is affected.
Analyzed Mar 16, 2026

PDF 2 Post Code Analysis

Dangerous functions: 9
Raw SQL queries: 0 (0 prepared)
Unescaped output: 30 (3 escaped)
Nonce checks: 1
Capability checks: 0
File operations: 6
External requests: 0
Bundled libraries: 0

Dangerous Functions Found

All nine are calls to exec(). Judging by the variable names, the first five probe the host for interpreter and converter binaries and their versions (including a `which` lookup), and the calls at lines 803 and 817 run the PDF-to-HTML conversion and XML extraction; the report does not say which of these the two unsanitized flows reach, which is the first thing a code review should establish.

exec · $pythonVersion = exec($cmd, $outputArray); · pdf2post.php:236
exec · $appLocation = exec($cmdWhich, $outputArray); · pdf2post.php:267
exec · $appVersion = exec($cmd, $outputArray); · pdf2post.php:273
exec · $lastLine = exec($cmd, $outputArray); · pdf2post.php:289
exec · $exec_version = exec($v_cmd, $outputArray); · pdf2post.php:299
exec · $lastLine = exec($cmd, $output, $ret_var); · pdf2post.php:731
exec · $lastLine = exec($cmd, $output, $ret_var); · pdf2post.php:736
exec · $pdfToHTMLConversionOutputLastLine = exec($command, $output, $ret_val); · pdf2post.php:803
exec · $xmlExtractionOutputLastLine = exec($xml_extract_command, $output, $ret_val); · pdf2post.php:817

Output Escaping

9% escaped (3 of 33 total outputs)

Data Flow Analysis

2 flows, 2 with unsanitized paths
Source function: handle_pdf (pdf2post.php:472)
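The following is an added illustration for this report, not code from the pdf2post plugin or from the scanner. It models the weakness class the analysis flags (exec() reached from the upload handler along an unsanitized path, with a nonce but no capability check) next to a hardened construction. The function names, the nonce action 'pdf2post_upload', the capabilities required and the pdftohtml invocation are assumptions made for the example; the sample inputs are constructed.

```php
<?php
// Added illustration, not pdf2post code. Models exec() fed from an unsanitized
// upload name, and the hardened equivalent. Names and commands are assumptions.

// UNSAFE PATTERN: the client-supplied upload name is concatenated into a shell
// command. A name such as "report.pdf;id;.pdf" makes the shell run `id`.
function pdf2post_unsafe_command(string $uploaded_name, string $upload_dir): string
{
    $target = $upload_dir . '/' . $uploaded_name;
    return "pdftohtml -c -noframes $target $target.html";
}

// HARDENED PATTERN: never let attacker-controlled bytes near the shell.
// Returns null when the upload must be rejected.
function pdf2post_safe_command(string $uploaded_name, string $tmp_path, string $upload_dir): ?string
{
    // 1. Accept only names ending in .pdf; the name is otherwise never reused.
    if (!preg_match('/\.pdf\z/i', $uploaded_name)) {
        return null;
    }
    // 2. Check content, not just the name: every PDF begins with "%PDF-".
    $magic = @file_get_contents($tmp_path, false, null, 0, 5);
    if ($magic !== '%PDF-') {
        return null;
    }
    // 3. Confine the destination to the upload directory under a name we generate,
    //    so ../ and shell metacharacters in the original name are discarded.
    $dir = realpath($upload_dir);
    if ($dir === false || !is_dir($dir)) {
        return null;
    }
    $target = $dir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(8)) . '.pdf';
    // 4. Fixed binary path (no runtime `which`); every argument through escapeshellarg().
    $pdftohtml = '/usr/bin/pdftohtml';   // assumed location
    return $pdftohtml . ' -c -noframes '
        . escapeshellarg($target) . ' ' . escapeshellarg($target . '.html');
}

// WordPress side: a nonce proves the form was rendered for this session, not that
// the user may run converters and create posts. Gate on capabilities as well;
// Subscribers hold neither upload_files nor publish_posts, the audience the CVE
// title names. The callables stand in for current_user_can() and wp_verify_nonce()
// so this runs without WordPress loaded.
function pdf2post_authorized(callable $current_user_can, callable $verify_nonce, array $post): bool
{
    return $current_user_can('upload_files')
        && $current_user_can('publish_posts')
        && isset($post['pdf2post_upload_nonce'])
        && (bool) $verify_nonce($post['pdf2post_upload_nonce'], 'pdf2post_upload');
}

// Demonstration with constructed inputs (no converter is actually executed).
$tmp = tempnam(sys_get_temp_dir(), 'p2p');
file_put_contents($tmp, "%PDF-1.4\n% constructed sample, not a real document\n");
$attack = 'report.pdf;id;.pdf';

echo "unsafe: " . pdf2post_unsafe_command($attack, '/var/www/uploads') . "\n";   // metacharacters reach the shell
echo "safe:   " . pdf2post_safe_command($attack, $tmp, sys_get_temp_dir()) . "\n"; // quoted, generated path only

var_dump(pdf2post_safe_command('payload.php', $tmp, sys_get_temp_dir()));  // rejected: wrong extension
file_put_contents($tmp, "<?php echo 'not a pdf';");
var_dump(pdf2post_safe_command('fake.pdf', $tmp, sys_get_temp_dir()));     // rejected: bad magic bytes
unlink($tmp);

$nonce_ok   = fn(string $nonce, string $action) => 1;                        // valid nonce in both cases
$subscriber = fn(string $cap) => $cap === 'read';                           // Subscriber role
$author     = fn(string $cap) => in_array($cap, ['read', 'upload_files', 'publish_posts'], true);
var_dump(pdf2post_authorized($subscriber, $nonce_ok, ['pdf2post_upload_nonce' => 'abc']));  // refused despite nonce
var_dump(pdf2post_authorized($author, $nonce_ok, ['pdf2post_upload_nonce' => 'abc']));      // allowed
```

Requires PHP 8 (the arrow functions and typed returns). The point of the split is that the two checks are independent: the capability gate stops the Subscriber+ exposure the CVE title describes, and the generated filename plus escapeshellarg() stops a name or path from reaching exec() as shell syntax even for a user who is allowed to convert.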

PDF 2 Post Attack Surface

Entry points: 1 · Unprotected: 0

Shortcodes (1)

[pdf2post_demo] · pdf2post.php:38 · renders the upload form (fields pdf2post_submit and pdf2post_upload_nonce, see Detection Fingerprints) on any page or post that includes the shortcode

WordPress Hooks (2)

action admin_menu · pdf2post.php:34
action wp_enqueue_scripts · pdf2post.php:42

"0 unprotected" reflects the nonce on the upload form; the code analysis counts no capability checks, so that nonce is the only gate on the entry point and does not restrict which authenticated users may submit it.

PDF 2 Post Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Jul 7, 2020
PHP min version: not listed
Downloads: 10K

Community Trust

Rating: 90/100 (from 4 ratings, too few to carry much weight)
Number of ratings: 4
Active installs: 100

PDF 2 Post Developer Profile

termel · 14 plugins · 800 total installs

Trust score: 83
Avg security score: 84/100
Avg patch time: 30 days (an average across the developer's plugins; it does not apply here, as CVE-2025-32583 has been open since Apr 2025 with no release)

How We Detect PDF 2 Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset path: /wp-content/plugins/pdf2post/css/pdf2post.css
Version parameter: pdf2post/css/pdf2post.css?ver=

HTML / DOM Fingerprints

Form fields and element IDs:
  name="pdf2post_submit"
  id="selected_post_type_id"
  id="status_id"
  id="types_id"
  name="pdf2post_upload_nonce"

Shortcode output (start of the markup emitted by [pdf2post_demo]):
<div style="background: #f5f5f5; border-radius: 4px; padding: 1em; border: 1px solid #a3a3a3; font-size: 0.8rem;"><h3>Document processing results</h3><h2>Upload a File (single <em>.pdf</em> or a <em>.zip</em> containing <em>.pdf</em> files)</h2><form method="post" enctype="multipart/form-data">
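As an added example (not the scanner's own detector), the fingerprints above applied to a page's HTML, with the version parameter parsed so that the result can be matched against the affected range of CVE-2025-32583. The HTML samples are constructed; the function name is an assumption.

```php
<?php
// Added example, not scanner or plugin code. Matches the fingerprints listed
// above against a fetched page's HTML. Requires PHP 8 (str_contains).

const PDF2POST_ASSET = '/wp-content/plugins/pdf2post/css/pdf2post.css';
const PDF2POST_DOM = [
    'name="pdf2post_submit"', 'id="selected_post_type_id"', 'id="status_id"',
    'id="types_id"', 'name="pdf2post_upload_nonce"',
];
const PDF2POST_LATEST = '2.4.0';   // latest release; CVE-2025-32583 affects <= 2.4.0, unpatched

function pdf2post_detect(string $html): array
{
    $asset = str_contains($html, PDF2POST_ASSET);
    $dom_hits = 0;
    foreach (PDF2POST_DOM as $needle) {
        if (str_contains($html, $needle)) {
            $dom_hits++;
        }
    }
    // The stylesheet alone identifies the plugin; the form fields only appear on
    // a page that carries the [pdf2post_demo] shortcode, so require two of them
    // before counting DOM evidence on its own.
    $present = $asset || $dom_hits >= 2;

    $version = null;
    if (preg_match('~pdf2post/css/pdf2post\.css\?ver=([0-9]+(?:\.[0-9]+)*)~', $html, $m)) {
        $version = $m[1];
    }
    // Caveat: when a plugin enqueues a stylesheet without its own version,
    // WordPress appends the core version instead, so ?ver= may not be the
    // plugin version at all. Because no fixed release exists, presence alone
    // means exposure; the version string can only confirm, never clear.
    $version_confirms = $version !== null && version_compare($version, PDF2POST_LATEST, '<=');

    return [
        'present'                   => $present,
        'asset_hit'                 => $asset,
        'dom_hits'                  => $dom_hits,
        'version'                   => $version,
        'version_confirms_affected' => $version_confirms,
        'exposed_to_cve_2025_32583' => $present,
    ];
}

// Constructed sample: a page with the stylesheet and the shortcode form.
$sample = '<link rel="stylesheet" href="https://example.test/wp-content/plugins/pdf2post/css/pdf2post.css?ver=2.4.0">'
    . '<form method="post" enctype="multipart/form-data">'
    . '<input type="file" name="pdf2post_file"><select id="selected_post_type_id"></select>'
    . '<input type="hidden" name="pdf2post_upload_nonce" value="deadbeef">'
    . '<input type="submit" name="pdf2post_submit" value="Go"></form>';
// Constructed sample: an unrelated WordPress page.
$other = '<link rel="stylesheet" href="https://example.test/wp-content/themes/x/style.css?ver=6.5">';

print_r(pdf2post_detect($sample));
print_r(pdf2post_detect($other));
```

Run it against saved HTML from a crawl rather than live requests; the detector needs nothing but the page body. The second sample shows the negative case, where the theme's ?ver= parameter is present but none of the pdf2post strings are.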

Frequently Asked Questions about PDF 2 Post