Does Save as PDF Plugin by PDFCrowd have any unpatched vulnerabilities?

No. All known vulnerabilities in Save as PDF Plugin by PDFCrowd have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Save as PDF Plugin by PDFCrowd compatible with WordPress 6.9.4?

According to WordPress.org data, Save as PDF Plugin by PDFCrowd 4.5.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Save as PDF Plugin by PDFCrowd compatible with PHP 5.1+?

Save as PDF Plugin by PDFCrowd requires PHP 5.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Save as PDF Plugin by PDFCrowd updated?

Save as PDF Plugin by PDFCrowd was last updated on Jan 13, 2026. Frequent updates are generally a positive security signal.

What is Save as PDF Plugin by PDFCrowd's security score?

Save as PDF Plugin by PDFCrowd has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Save as PDF Plugin by PDFCrowd Security & Risk Analysis

wordpress.org/plugins/save-as-pdf-by-pdfcrowd

Enable visitors to download your webpages as PDF with just one click.

1K active installs v4.5.6 PHP 5.1+ WP 4.0+ Updated Jan 13, 2026

content-exportpdf-conversionpdf-widgetprintable-contentweb-to-pdf

A · Safe

CVEs total10

Unpatched0

Last CVEJan 24, 2026

Plugin page Download

Safety Verdict

Is Save as PDF Plugin by PDFCrowd Safe to Use in 2026?

Generally Safe

Score 92/100

Save as PDF Plugin by PDFCrowd has a strong security track record. Known vulnerabilities have been patched promptly.

10 known CVEsLast CVE: Jan 24, 2026Updated 2mo ago

Risk Assessment

The save-as-pdf-by-pdfcrowd plugin, version 4.5.6, presents a mixed security posture. While it demonstrates good practices in its SQL query handling, with 100% using prepared statements and a high percentage of output escaping, several significant concerns exist. The plugin has a notable attack surface with 6 entry points, 4 of which lack any authentication checks. This is exacerbated by the presence of 2 flows with unsanitized paths, although these did not reach a critical or high severity in the taint analysis. The plugin's vulnerability history is a major red flag, with 10 known CVEs, including 1 high and 9 medium severity vulnerabilities. The fact that the last vulnerability was in 2026, while concerning for a current analysis, suggests a pattern of past security weaknesses. This history, combined with the unprotected entry points, indicates a plugin that has historically been a target and may require careful scrutiny and timely updates.

Despite the positive aspects like proper SQL handling and mostly escaped output, the plugin's past indicates a susceptibility to significant vulnerabilities like deserialization, missing authorization, and cross-site scripting. The unprotected AJAX handlers are a direct pathway for potential exploitation if vulnerabilities are present. The presence of unsanitized paths, even if not leading to critical issues in this version, warrants caution. The overall risk is elevated due to the historical pattern of vulnerabilities and the exposed attack surface. Users should be particularly vigilant about updates and consider the plugin's past record when assessing its trustworthiness.

Key Concerns

4 AJAX handlers without auth checks
2 flows with unsanitized paths
10 total known CVEs (1 high, 9 medium)
1 nonce check for 6 entry points
14 capability checks for 6 entry points

Vulnerabilities

Save as PDF Plugin by PDFCrowd Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

6 CVEs in 2024

2024

2 CVEs in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

10 total CVEs

CVE-2026-0862medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Save as PDF Plugin by PDFCrowd <= 4.5.5 - Reflected Cross-Site Scripting via options

Jan 24, 2026 Patched in 4.5.6 (1d)

CVE-2025-59552medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Save as PDF <= 4.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 Patched in 4.5.3 (5d)

CVE-2025-24671high · 8.1Deserialization of Untrusted Data

Save as PDF Plugin by Pdfcrowd <= 4.4.0 - Unauthenticated PHP Object Injection

Jan 21, 2025 Patched in 4.4.1 (35d)

CVE-2024-10891medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Save as PDF Plugin by Pdfcrowd <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 19, 2024 Patched in 4.2.2 (1d)

CVE-2024-37549medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Save as PDF plugin by Pdfcrowd <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jul 6, 2024 Patched in 4.0.1 (6d)

CVE-2024-35649medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Save as PDF Plugin by Pdfcrowd <= 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 3, 2024 Patched in 3.3.0 (9d)

CVE-2024-33684medium · 6.4Missing Authorization

Save as PDF plugin by Pdfcrowd <= 3.2.0 - Missing Authorization

Apr 26, 2024 Patched in 3.2.1 (6d)

CVE-2023-5971medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Save as PDF Plugin by Pdfcrowd <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 18, 2024 Patched in 3.2.0 (29d)

CVE-2024-31930medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Save as PDF <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 10, 2024 Patched in 3.2.2 (16d)

CVE-2023-40668medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Save as PDF plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings

Aug 21, 2023 Patched in 2.16.1 (155d)

Code Analysis

Analyzed Mar 16, 2026

Save as PDF Plugin by PDFCrowd Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

76 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

92% escaped83 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

save_as_pdf_pdfcrowd (public\class-save-as-pdf-pdfcrowd-public.php:1597)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Save as PDF Plugin by PDFCrowd Attack Surface

Entry Points6

Unprotected4

AJAX Handlers 4

authwp_ajax_save_as_pdf_pdfcrowd_create_buttonincludes\class-save-as-pdf-pdfcrowd.php:180

authwp_ajax_save_as_pdf_pdfcrowd_dismiss_upgradeincludes\class-save-as-pdf-pdfcrowd.php:183

authwp_ajax_save_as_pdf_pdfcrowdpublic\class-save-as-pdf-pdfcrowd-public.php:153

noprivwp_ajax_save_as_pdf_pdfcrowdpublic\class-save-as-pdf-pdfcrowd-public.php:154

Shortcodes 2

[save_as_pdf_pdfcrowd] public\class-save-as-pdf-pdfcrowd-public.php:149

[block_save_as_pdf_pdfcrowd] public\class-save-as-pdf-pdfcrowd-public.php:151

WordPress Hooks 11

actionplugins_loadedincludes\class-save-as-pdf-pdfcrowd.php:156

actionadmin_enqueue_scriptsincludes\class-save-as-pdf-pdfcrowd.php:170

actionadmin_enqueue_scriptsincludes\class-save-as-pdf-pdfcrowd.php:171

actionadmin_menuincludes\class-save-as-pdf-pdfcrowd.php:172

actionadmin_initincludes\class-save-as-pdf-pdfcrowd.php:173

actionadmin_noticesincludes\class-save-as-pdf-pdfcrowd.php:175

actionwp_enqueue_scriptsincludes\class-save-as-pdf-pdfcrowd.php:198

actionwp_enqueue_scriptsincludes\class-save-as-pdf-pdfcrowd.php:199

actioninitincludes\class-save-as-pdf-pdfcrowd.php:200

filterthe_contentpublic\class-save-as-pdf-pdfcrowd-public.php:67

filterthe_excerptpublic\class-save-as-pdf-pdfcrowd-public.php:68

Maintenance & Trust

Save as PDF Plugin by PDFCrowd Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 13, 2026

PHP min version5.1

Downloads74K

Community Trust

Rating82/100

Number of ratings27

Active installs1K

Alternatives

Save as PDF Plugin by PDFCrowd Alternatives

LLM Markdown – Expose Content as .md

llm-markdown

100

Expose WordPress posts and pages as real .md URLs with YAML front matter for LLMs, AI ingestion, and headless workflows.

10 No CVEs

Developer Profile

Save as PDF Plugin by PDFCrowd Developer Profile

Pdfcrowd Dev Team

2 plugins · 1K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

65 days

View full developer profile

Detection Fingerprints

How We Detect Save as PDF Plugin by PDFCrowd

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/save-as-pdf-by-pdfcrowd/public/css/save-as-pdf-pdfcrowd-public.css/wp-content/plugins/save-as-pdf-by-pdfcrowd/public/css/save-as-pdf-pdfcrowd-indicators.css/wp-content/plugins/save-as-pdf-by-pdfcrowd/public/js/save-as-pdf-pdfcrowd-public.js

Script Paths

/wp-content/plugins/save-as-pdf-by-pdfcrowd/admin/js/save-as-pdf-pdfcrowd-admin.js/wp-content/plugins/save-as-pdf-by-pdfcrowd/public/js/save-as-pdf-pdfcrowd-indicators.js

Version Parameters

save-as-pdf-pdfcrowd/admin/css/save-as-pdf-pdfcrowd-admin.css?ver=save-as-pdf-pdfcrowd/public/css/save-as-pdf-pdfcrowd-indicators.css?ver=save-as-pdf-pdfcrowd/admin/js/save-as-pdf-pdfcrowd-admin.js?ver=save-as-pdf-pdfcrowd/public/js/save-as-pdf-pdfcrowd-indicators.js?ver=

HTML / DOM Fingerprints

CSS Classes

save-as-pdf-pdfcrowd-noticesave-as-pdf-pdfcrowd-upgrade-noticepdfcrowd-button

Data Attributes

data-pdfcrowd-placeholder

JS Globals

save_as_pdf_pdfcrowd

FAQ