Does PDF Generator for Posts & Pages – Export Any Post Type to PDF have any unpatched vulnerabilities?

No. All known vulnerabilities in PDF Generator for Posts & Pages – Export Any Post Type to PDF have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PDF Generator for Posts & Pages – Export Any Post Type to PDF compatible with WordPress 6.9.4?

According to WordPress.org data, PDF Generator for Posts & Pages – Export Any Post Type to PDF 1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is PDF Generator for Posts & Pages – Export Any Post Type to PDF compatible with PHP 7.4+?

PDF Generator for Posts & Pages – Export Any Post Type to PDF requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

PDF Generator for Posts & Pages – Export Any Post Type to PDF Security & Risk Analysis

wordpress.org/plugins/post-to-pdf

Add a one-click PDF download button to any post, page, or custom post type. Includes a visual layout builder, ACF field support, color control, and sh …

90 active installs v1.1 PHP 7.4+ WP 5.6+ Updated Mar 15, 2026

export-post-pdfpdf-downloadpdf-generatorpost-to-pdfwordpress-pdf

A · Safe

CVEs total1

Unpatched0

Last CVEDec 13, 2024

Download

Safety Verdict

Is PDF Generator for Posts & Pages – Export Any Post Type to PDF Safe to Use in 2026?

Generally Safe

Score 99/100

PDF Generator for Posts & Pages – Export Any Post Type to PDF has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 13, 2024Updated 19d ago

Risk Assessment

The 'post-to-pdf' plugin version 1.1 exhibits a mixed security posture. While it demonstrates good practices such as exclusively using prepared statements for SQL queries and performing a significant number of nonce and capability checks, there are notable areas of concern. The presence of 7 REST API routes, with one lacking permission callbacks, presents a direct unprotected entry point into the plugin's functionality. This is a significant risk as it could allow unauthorized users to interact with or exploit this endpoint. The plugin also has a history of vulnerabilities, specifically a medium severity Cross-Site Scripting (XSS) issue reported relatively recently. While this specific vulnerability is patched, the recurring nature of such issues suggests potential weaknesses in input sanitization or output escaping that might not be fully captured by static analysis alone.

Key Concerns

REST API route without permission callback
Medium severity XSS vulnerability history
63% of outputs properly escaped

Vulnerabilities

PDF Generator for Posts & Pages – Export Any Post Type to PDF Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-12446medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post to Pdf <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 13, 2024 Patched in 1.1 (1d)

Code Analysis

Analyzed Mar 16, 2026

PDF Generator for Posts & Pages – Export Any Post Type to PDF Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

63% escaped24 total outputs

Attack Surface

1 unprotected

PDF Generator for Posts & Pages – Export Any Post Type to PDF Attack Surface

Entry Points8

Unprotected1

REST API Routes 7

POST/wp-json/gmptp/v1/save-settingsincludes\GMPTP_API.php:13

POST/wp-json/gmptp/v1/save-customfieldincludes\GMPTP_API.php:19

POST/wp-json/gmptp/v1/delete-customfieldincludes\GMPTP_API.php:24

GET/wp-json/gmptp/v1/get-settingsincludes\GMPTP_API.php:31

GET/wp-json/gmptp/v1/morepluginincludes\GMPTP_API.php:36

GET/wp-json/gmptp/v1/acf-fieldsincludes\GMPTP_API.php:42

GET/wp-json/gmptp-pdf/v1/postsincludes\GMPTP_API_Frontend.php:9

Shortcodes 1

[gmptp_single_post] includes\GMPTP_Frontend.php:26

WordPress Hooks 11

actionadmin_menuincludes\GMPTP_Admin.php:9

actionadmin_enqueue_scriptsincludes\GMPTP_Admin.php:10

actionrest_api_initincludes\GMPTP_API.php:8

actionrest_api_initincludes\GMPTP_API_Frontend.php:5

actioninitincludes\GMPTP_Cron.php:7

actionadd_meta_boxesincludes\GMPTP_Exclude.php:10

actionsave_postincludes\GMPTP_Exclude.php:11

actioninitincludes\GMPTP_Frontend.php:11

actionwp_footerincludes\GMPTP_Frontend.php:17

actionthe_contentincludes\GMPTP_Frontend.php:22

actioninitincludes\GMPTP_PDF.php:11

Maintenance & Trust

PDF Generator for Posts & Pages – Export Any Post Type to PDF Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 15, 2026

PHP min version7.4

Downloads4K

Community Trust

Rating20/100

Number of ratings1

Active installs90

Alternatives

PDF Generator for Posts & Pages – Export Any Post Type to PDF Alternatives

DK PDF – WordPress PDF Generator

dk-pdf

DK PDF allows your site visitors generate PDF files from WordPress posts, pages, custom post types and WooCommerce products using a button.

4K 2 CVEs

PDF Generator for WordPress Elementor

pdf-generator-addon-for-elementor-page-builder

The ultimate WordPress PDF generator for Elementor. Easily export to PDF, add a download button, and convert WooCommerce products to PDF.

1K 3 CVEs

WP PDF Generator

wp-pdf-generator

Simply helps you to get your web page download as pdf

1K 1 CVE

WPMK PDF Generator

wpmk-pdf-generator

This Free Plugin will provide you to add download html to pdf

80 1 unpatched

Page2PDF – Posts & Pages to PDF Converter

page2pdf-posts-pages-to-pdf-converter

Transform any WordPress content into professional PDF documents with customizable options. The most powerful print-friendly PDF generator for WordPres …

40 No CVEs

Developer Profile

PDF Generator for Posts & Pages – Export Any Post Type to PDF Developer Profile

theme funda

26 plugins · 12K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

85 days

View full developer profile

Detection Fingerprints

How We Detect PDF Generator for Posts & Pages – Export Any Post Type to PDF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/post-to-pdf/build/admin/admin.js/wp-content/plugins/post-to-pdf/build/admin/admin.css

Script Paths

/wp-content/plugins/post-to-pdf/build/admin/admin.js

Version Parameters

post-to-pdf/build/admin/admin.js?ver=1.0post-to-pdf/build/admin/admin.css?ver=1

HTML / DOM Fingerprints

CSS Classes

gmptp_button

HTML Comments

+10 more

Data Attributes

name="gmptp_exclude_post_option"value="yes"value="no"name="gmptp_exclude_post_option"id="GMPTP-admin-root"

JS Globals

gmwcp_wp_ajax

REST Endpoints

/wp-json/gmptp/v1/moreplugin/wp-json/gmptp/v1/get-settings/wp-json/gmptp/v1/save-settings/wp-json/gmptp/v1/save-customfield/wp-json/gmptp/v1/delete-customfield/wp-json/gmptp/v1/acf-fields

Shortcode Output

[gmptp_single_post]

FAQ