PraisonAI Git Posts Security & Risk Analysis

wordpress.org/plugins/praison-file-content-git

Load WordPress content from files (Markdown, JSON, YAML) without database writes, with Git-based version control.

0 active installs · v1.0.6 · PHP 7.4+ · WP 5.0+ · Updated Dec 24, 2025
Tags: content-management, file-based, git, markdown, version-control
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PraisonAI Git Posts Safe to Use in 2026?

Generally Safe

Score 100/100

PraisonAI Git Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "praison-file-content-git" plugin v1.0.6 demonstrates several good security practices, including a strong emphasis on prepared statements for SQL queries and a high percentage of properly escaped output. The absence of known CVEs and of any history of vulnerabilities is a positive indicator. Furthermore, all identified entry points (AJAX handlers, REST API routes, shortcodes, and cron events) appear to have appropriate authentication and permission checks, which significantly reduces the attack surface from unauthorized access.

However, the static analysis reveals concerning signals. A significant number of "dangerous functions" are present, including `preg_replace(/e)` and `exec`. While the specific context of their use isn't detailed here, these functions can be exploited for remote code execution or other malicious activities if not handled with extreme care and robust sanitization. The taint analysis also highlights a critical concern: 8 flows with unsanitized paths, including 2 of critical severity. This indicates potential vulnerabilities where user-supplied input, when not properly sanitized, could lead to directory traversal or other file system manipulation attacks. The presence of file operations and external HTTP requests, coupled with these unsanitized path flows, warrants careful review to ensure these operations are secure.

In conclusion, while the plugin benefits from a clean vulnerability history and robust access control on its entry points, the presence of dangerous functions and, more importantly, critical severity taint flows involving unsanitized paths represent significant potential risks. These areas require thorough investigation to confirm they are not exploitable and to implement necessary hardening. The plugin's overall security posture is mixed, with strong foundational elements undermined by specific, potentially high-impact code-level risks.

Key Concerns

  • Critical severity taint flows detected
  • Multiple flows with unsanitized paths
  • Presence of dangerous functions (exec, preg_replace(/e))
  • Potential risk with file operations
Vulnerabilities
None known

PraisonAI Git Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

PraisonAI Git Posts Code Analysis

Dangerous Functions: 36
Raw SQL Queries: 1 (23 prepared)
Unescaped Output: 48 (313 escaped)
Nonce Checks: 24
Capability Checks: 7
File Operations: 9
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

Function | Matched code | Location
preg_replace(/e) | preg_replace('/<em[^>]*>(.*?)<\/e | scripts\export-to-markdown.php:48
exec | exec('git --version 2>&1', $gitVersionOutput, $gitVersionReturn); | src\Core\Bootstrap.php:526
exec | exec('git --version 2>&1', $output, $return); | src\Git\GitManager.php:29
exec | exec('git init 2>&1', $output, $return); | src\Git\GitManager.php:47
exec | exec('git add .'); | src\Git\GitManager.php:54
exec | exec('git commit -m "Initial commit - PraisonPress content" 2>&1'); | src\Git\GitManager.php:55
exec | exec('git add ' . escapeshellarg($relativePath) . ' 2>&1', $output, $return); | src\Git\GitManager.php:79
exec | exec('git commit -m ' . escapeshellarg($message) . ' 2>&1', $output, $return); | src\Git\GitManager.php:82
exec | exec($command, $output, $return); | src\Git\GitManager.php:103
exec | exec('git show ' . escapeshellarg($hash . ':' . $relativePath) . ' 2>&1', $output, $return); | src\Git\GitManager.php:141
exec | exec('git reset --hard ' . escapeshellarg($hash) . ' 2>&1', $output, $return); | src\Git\GitManager.php:165
exec | exec('git show ' . escapeshellarg($hash . ':' . $relativePath) . ' 2>&1', $output, $return); | src\Git\GitManager.php:173
exec | exec('git add ' . escapeshellarg($relativePath)); | src\Git\GitManager.php:180
exec | exec('git commit -m "Rollback ' . basename($file) . ' to ' . substr($hash, 0, 7) . '"'); | src\Git\GitManager.php:181
exec | exec($command, $output, $return); | src\Git\GitManager.php:224
exec | exec($filesCommand, $filesOutput, $filesReturn); | src\Git\GitManager.php:240
exec | exec($diffCommand, $diffOutput, $diffReturn); | src\Git\GitManager.php:245
exec | exec('git checkout main 2>&1', $output, $return); | src\GitHub\PullRequestManager.php:141
exec | exec('git pull origin main 2>&1', $output, $return); | src\GitHub\PullRequestManager.php:142
exec | exec('git checkout -b ' . escapeshellarg($branchName) . ' 2>&1', $output, $return); | src\GitHub\PullRequestManager.php:145
exec | exec('git checkout ' . escapeshellarg($branchName) . ' 2>&1', $output, $return); | src\GitHub\PullRequestManager.php:169
exec | exec('git add ' . escapeshellarg($relativePath) . ' 2>&1', $output, $return); | src\GitHub\PullRequestManager.php:218
exec | exec('git commit -m ' . escapeshellarg($message) . ' 2>&1', $output, $return); | src\GitHub\PullRequestManager.php:229
exec | exec('git push -u origin ' . escapeshellarg($branchName) . ' 2>&1', $output, $return); | src\GitHub\PullRequestManager.php:254
exec | exec('git clone ' . escapeshellarg($this->repoUrl) . ' ' . escapeshellarg($dirName) . ' 2>&1', $outp | src\GitHub\SyncManager.php:79
exec | exec('git remote -v 2>&1', $output, $return); | src\GitHub\SyncManager.php:110
exec | exec('git remote add origin ' . escapeshellarg($this->repoUrl) . ' 2>&1', $output, $return); | src\GitHub\SyncManager.php:122
exec | exec('git remote set-url origin ' . escapeshellarg($this->repoUrl) . ' 2>&1', $output, $return); | src\GitHub\SyncManager.php:125
exec | exec('git fetch origin ' . escapeshellarg($this->mainBranch) . ' 2>&1', $fetchOutput, $fetchReturn); | src\GitHub\SyncManager.php:148
exec | exec('git rev-list HEAD..origin/' . escapeshellarg($this->mainBranch) . ' --count 2>&1', $countOutpu | src\GitHub\SyncManager.php:159
exec | exec('git pull origin ' . escapeshellarg($this->mainBranch) . ' 2>&1', $pullOutput, $pullReturn); | src\GitHub\SyncManager.php:172
exec | exec('git push origin ' . escapeshellarg($this->mainBranch) . ' 2>&1', $output, $return); | src\GitHub\SyncManager.php:207
exec | exec('git fetch origin ' . escapeshellarg($this->mainBranch) . ' 2>&1', $fetchOutput, $fetchReturn); | src\GitHub\SyncManager.php:241
exec | exec('git rev-list HEAD..origin/' . escapeshellarg($this->mainBranch) . ' --count 2>&1', $incomingOu | src\GitHub\SyncManager.php:253
exec | exec('git rev-list origin/' . escapeshellarg($this->mainBranch) . '..HEAD --count 2>&1', $outgoingOu | src\GitHub\SyncManager.php:257
exec | exec('git log -1 --format=%at origin/' . escapeshellarg($this->mainBranch) . ' 2>&1', $timeOutput); | src\GitHub\SyncManager.php:261

SQL Query Safety

96% prepared · 24 total queries

Output Escaping

87% escaped · 361 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

12 flows · 8 with unsanitized paths
<ExportPage> (src\Admin\ExportPage.php:0)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

PraisonAI Git Posts Attack Surface

Entry Points: 10
Unprotected: 0

AJAX Handlers 8

auth | wp_ajax_praison_start_export | src\Admin\ExportPage.php:19
auth | wp_ajax_praison_export_status | src\Admin\ExportPage.php:20
auth | wp_ajax_praison_cancel_export | src\Admin\ExportPage.php:21
auth | wp_ajax_praison_merge_pr_frontend | src\Frontend\MySubmissionsPage.php:33
auth | wp_ajax_praisonpress_get_content | src\Frontend\ReportErrorButton.php:26
nopriv | wp_ajax_praisonpress_get_content | src\Frontend\ReportErrorButton.php:27
auth | wp_ajax_praisonpress_submit_edit | src\Frontend\ReportErrorButton.php:29
nopriv | wp_ajax_praisonpress_submit_edit | src\Frontend\ReportErrorButton.php:30

REST API Routes 1

POST | /wp-json/praisonpress/v1/webhook/github | src\API\WebhookEndpoint.php:25

Shortcodes 1

[praisonpress_my_submissions] | src\Frontend\MySubmissionsPage.php:27
WordPress Hooks 25
action | plugins_loaded | praisonpressgit.php:46
action | admin_menu | src\Admin\ExportPage.php:17
action | admin_enqueue_scripts | src\Admin\ExportPage.php:18
action | praison_background_export | src\Admin\ExportPage.php:22
action | admin_enqueue_scripts | src\Admin\HistoryPage.php:17
action | admin_menu | src\Admin\PullRequestsPage.php:48
action | admin_post_praisonpress_merge_pr | src\Admin\PullRequestsPage.php:49
action | admin_post_praisonpress_close_pr | src\Admin\PullRequestsPage.php:50
action | admin_enqueue_scripts | src\Admin\PullRequestsPage.php:51
action | rest_api_init | src\API\WebhookEndpoint.php:18
action | init | src\Core\Bootstrap.php:43
filter | posts_pre_query | src\Core\Bootstrap.php:46
action | admin_menu | src\Core\Bootstrap.php:54
action | wp_dashboard_setup | src\Core\Bootstrap.php:57
action | admin_menu | src\Core\Bootstrap.php:60
action | admin_bar_menu | src\Core\Bootstrap.php:93
action | admin_post_praison_clear_cache | src\Core\Bootstrap.php:96
action | admin_post_praison_rollback | src\Core\Bootstrap.php:99
action | admin_notices | src\Core\Bootstrap.php:102
action | admin_menu | src\Core\Bootstrap.php:310
action | init | src\Core\PostTypeManager.php:35
action | wp_enqueue_scripts | src\Frontend\MySubmissionsPage.php:30
action | wp_footer | src\Frontend\ReportErrorButton.php:17
action | wp_enqueue_scripts | src\Frontend\ReportErrorButton.php:20
filter | script_loader_tag | src\Frontend\ReportErrorButton.php:23

Scheduled Events 3

praison_background_export
praison_background_export
praison_background_export
Maintenance & Trust

PraisonAI Git Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 24, 2025
PHP min version: 7.4
Downloads: 102

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

PraisonAI Git Posts Developer Profile

Mervin Praison

7 plugins · 3K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 266 days
Detection Fingerprints

How We Detect PraisonAI Git Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/praison-file-content-git/assets/css/export.css
/wp-content/plugins/praison-file-content-git/assets/js/export.js
/wp-content/plugins/praison-file-content-git/assets/css/admin.css
/wp-content/plugins/praison-file-content-git/assets/js/admin.js
/wp-content/plugins/praison-file-content-git/assets/js/content.js
Script Paths
/wp-content/plugins/praison-file-content-git/assets/js/export.js
/wp-content/plugins/praison-file-content-git/assets/js/admin.js
/wp-content/plugins/praison-file-content-git/assets/js/content.js
Version Parameters
praison-file-content-git/assets/css/export.css?ver=
praison-file-content-git/assets/js/export.js?ver=
praison-file-content-git/assets/css/admin.css?ver=
praison-file-content-git/assets/js/admin.js?ver=
praison-file-content-git/assets/js/content.js?ver=

HTML / DOM Fingerprints

CSS Classes
praison-export-container
praison-export-status
praison-progress-bar
praison-export-controls
praison-admin-notice
praison-content-list
praison-content-item
HTML Comments
<!-- Admin UI for exporting content to Markdown -->
<!-- Export Page - Admin UI for exporting content to Markdown -->
<!-- AJAX: Start export process -->
<!-- AJAX: Check export status -->
(+21 more)
Data Attributes
data-action="praison_start_export"
data-action="praison_export_status"
data-action="praison_cancel_export"
data-nonce="<?php echo wp_create_nonce('praison_export_nonce'); ?>"
data-post-type="all"
data-batch-size="100"
(+1 more)
JS Globals
praisonExport
Shortcode Output
[praisonpress_my_submissions]