[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTDDvEOe1If1xl4muCTaw5JtPSaGJPRMzfJPqa52hgTw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":163,"crawl_stats":38,"alternatives":171,"analysis":192,"fingerprints":362},"save-as-pdf-by-pdfcrowd","Save as PDF Plugin by PDFCrowd","4.5.6","Pdfcrowd Dev Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fpdfcrowd\u002F","\u003Cp>The “Save as PDF” plugin adds a convenient button to your WordPress website, allowing visitors to save the content of the webpage as a PDF file with just a click. This provides the option to read your content offline or share it easily with others. Whether it’s articles, posts, or product pages, “Save as PDF” ensures your website’s content is accessible in a widely used format.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy to Use:\u003C\u002Fstrong> A simple, intuitive button on your webpage allows users to save content as a PDF.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Button:\u003C\u002Fstrong> Customize the appearance and placement of the ‘Save as PDF’ button to match your website’s design.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High-Quality PDFs:\u003C\u002Fstrong> Generates high-quality PDF documents that maintain the original layout and styling of your webpages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support:\u003C\u002Fstrong> Easily add the ‘Save as PDF’ button anywhere on your site with a simple shortcode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Once activated, the “Save as PDF” button will automatically appear on all eligible content according to your settings. Users can click this button to  save the current page as a PDF file.\u003C\u002Fp>\n\u003Cp>To manually add the “Save as PDF” button to specific pages or posts, use the following shortcode:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[save_as_pdf_pdfcrowd]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>For additional methods of adding the button to your pages, please refer to the \u003Ca href=\"https:\u002F\u002Fpdfcrowd.com\u002Fsave-as-pdf-wordpress-plugin\u002F#how-to-use\" rel=\"nofollow ugc\">Getting Started Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Customization\u003C\u002Fh3>\n\u003Cp>The plugin offers various customization options accessible through the WordPress admin panel. You can change the PDF generation settings and button appearance. For more detailed customization, please refer to the plugin \u003Ca href=\"https:\u002F\u002Fpdfcrowd.com\u002Fsave-as-pdf-wordpress-plugin\u002Fref\u002F\" rel=\"nofollow ugc\">option reference\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Licensing\u003C\u002Fh3>\n\u003Cp>By default, the plugin operates in demo mode, which, while fully functional, adds a watermark and PDFCrowd branding to the content.\u003C\u002Fp>\n\u003Cp>To remove the demo watermark and PDFCrowd branding, you can purchase an \u003Ca href=\"https:\u002F\u002Fpdfcrowd.com\u002Fpricing\u002Fapi\u002F?api=v2&ref=wordpress\" rel=\"nofollow ugc\">PDFCrowd license\u003C\u002Fa>. Activate the license by entering your PDFCrowd username and key in the plugin settings under the License tab.\u003C\u002Fp>\n\u003Cp>A PDFCrowd license is versatile, allowing use across multiple WordPress websites for our \u003Ca href=\"https:\u002F\u002Fpdfcrowd.com\u002Fsave-as-pdf-image-wordpress-plugin\u002F\" rel=\"nofollow ugc\">plugins\u003C\u002Fa>. Additionally, the license grants direct access to the \u003Ca href=\"https:\u002F\u002Fpdfcrowd.com\u002Fapi\u002F\" rel=\"nofollow ugc\">PDFCrowd API\u003C\u002Fa> for a broader range of applications.\u003C\u002Fp>\n\u003Ch3>Basic Troubleshooting\u003C\u002Fh3>\n\u003Cp>If the default plugin output does not meet your requirements, consider adjusting the following settings individually. You may need to activate the “Expert Settings” option to access some of these features.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mode > Conversion Mode:\u003C\u002Fstrong> Try switching it to either “Upload” or “Content”.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Print Resolution > Content Viewport Width:\u003C\u002Fstrong> Experiment with different widths to see which yields the best result.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Print Resolution > Content Fit Mode:\u003C\u002Fstrong> Different scaling modes can significantly alter the PDF’s page layout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Print Resolution > Content Viewport Height:\u003C\u002Fstrong> Increase this value, for example, to 50000, to see if it improves the output.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Please \u003Ca href=\"https:\u002F\u002Fpdfcrowd.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">contact us\u003C\u002Fa> or write to support@pdfcrowd.com if you need any help. We will be happy to assist you with configuring the plugin to ensure its output meets your needs.\u003C\u002Fp>\n\u003Cp>Plugin links:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpdfcrowd.com\u002Fsave-as-pdf-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpdfcrowd.com\u002Fsave-as-pdf-wordpress-plugin\u002Fref\u002F\" rel=\"nofollow ugc\">Option Reference\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpdfcrowd.com\u002Ffaq\u002Fwordpress\u002F\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About us\u003C\u002Fh3>\n\u003Cp>The plugin is provided by \u003Ca href=\"https:\u002F\u002Fpdfcrowd.com\u002F\" rel=\"nofollow ugc\">PDFCrowd\u003C\u002Fa>, established in 2009 as a pioneer in the field of online conversion services. Over the years, we have served hundreds of thousands of users worldwide, constantly evolving our technology to meet the needs of our customers.\u003C\u002Fp>\n","Enable visitors to download your webpages as PDF with just one click.",1000,73886,82,27,"2026-01-13T12:11:00.000Z","6.9.4","4.0","5.1",[20,21,22,23,24],"content-export","pdf-conversion","pdf-widget","printable-content","web-to-pdf","https:\u002F\u002Fpdfcrowd.com\u002Fsave-as-pdf-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsave-as-pdf-by-pdfcrowd.zip",92,10,0,"2026-01-24 02:47:36","2026-03-15T15:16:48.613Z",[33,48,62,78,89,103,115,127,139,151],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2026-0862","save-as-pdf-plugin-by-pdfcrowd-reflected-cross-site-scripting-via-options","Save as PDF Plugin by PDFCrowd \u003C= 4.5.5 - Reflected Cross-Site Scripting via options","The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: Successful exploitation of this vulnerability requires that the PDFCrowd API key is blank (also known as \"demo mode\", which is the default configuration when the plugin is installed) or known.",null,"\u003C=4.5.5","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-24 15:34:07",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F74172fcb-7428-464a-89f1-f1f3af50e361?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2025-59552","save-as-pdf-authenticated-contributor-stored-cross-site-scripting","Save as PDF \u003C= 4.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Save as PDF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.5.2","4.5.3",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-09-22 00:00:00","2025-09-26 19:01:33",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1c73724c-c099-49ba-93f4-23e1c8cb4028?source=api-prod",5,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":38,"affected_versions":67,"patched_in_version":68,"severity":69,"cvss_score":70,"cvss_vector":71,"vuln_type":72,"published_date":73,"updated_date":74,"references":75,"days_to_patch":77},"CVE-2025-24671","save-as-pdf-plugin-by-pdfcrowd-unauthenticated-php-object-injection","Save as PDF Plugin by Pdfcrowd \u003C= 4.4.0 - Unauthenticated PHP Object Injection","The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","\u003C=4.4.0","4.4.1","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2025-01-21 00:00:00","2025-02-24 16:14:55",[76],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb2cb4af8-4cb5-4f79-93c1-21dbdc7c406f?source=api-prod",35,{"id":79,"url_slug":80,"title":81,"description":82,"plugin_slug":4,"theme_slug":38,"affected_versions":83,"patched_in_version":84,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":85,"updated_date":86,"references":87,"days_to_patch":47},"CVE-2024-10891","save-as-pdf-plugin-by-pdfcrowd-authenticated-contributor-stored-cross-site-scripting-2","Save as PDF Plugin by Pdfcrowd \u003C= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'save_as_pdf_pdfcrowd' shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.2.1","4.2.2","2024-11-19 00:00:00","2024-11-20 09:31:54",[88],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3763d893-83a0-4b6a-9c21-34a69313d555?source=api-prod",{"id":90,"url_slug":91,"title":92,"description":93,"plugin_slug":4,"theme_slug":38,"affected_versions":94,"patched_in_version":95,"severity":40,"cvss_score":96,"cvss_vector":97,"vuln_type":43,"published_date":98,"updated_date":99,"references":100,"days_to_patch":102},"CVE-2024-37549","save-as-pdf-plugin-by-pdfcrowd-authenticated-administrator-stored-cross-site-scripting","Save as PDF plugin by Pdfcrowd \u003C= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Save as PDF plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.","\u003C=4.0.0","4.0.1",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-07-06 00:00:00","2024-07-11 14:00:25",[101],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F30dbc840-e281-405c-82ed-7f92761db8ae?source=api-prod",6,{"id":104,"url_slug":105,"title":106,"description":107,"plugin_slug":4,"theme_slug":38,"affected_versions":108,"patched_in_version":109,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":43,"published_date":110,"updated_date":111,"references":112,"days_to_patch":114},"CVE-2024-35649","save-as-pdf-plugin-by-pdfcrowd-authenticated-contributor-stored-cross-site-scripting","Save as PDF Plugin by Pdfcrowd \u003C= 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=3.2.3","3.3.0","2024-06-03 00:00:00","2024-06-11 19:07:22",[113],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F157a02dc-542e-4b2b-a847-9abccccda20c?source=api-prod",9,{"id":116,"url_slug":117,"title":118,"description":119,"plugin_slug":4,"theme_slug":38,"affected_versions":120,"patched_in_version":121,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":122,"published_date":123,"updated_date":124,"references":125,"days_to_patch":102},"CVE-2024-33684","save-as-pdf-plugin-by-pdfcrowd-missing-authorization","Save as PDF plugin by Pdfcrowd \u003C= 3.2.0 - Missing Authorization","The Save as PDF plugin by Pdfcrowd plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_sample_button() function in versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject malicious web scripts.","\u003C=3.2.0","3.2.1","Missing Authorization","2024-04-26 00:00:00","2024-05-01 13:05:33",[126],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd7e18997-90be-4fa4-aa4f-3b79544e00f5?source=api-prod",{"id":128,"url_slug":129,"title":130,"description":131,"plugin_slug":4,"theme_slug":38,"affected_versions":132,"patched_in_version":133,"severity":40,"cvss_score":96,"cvss_vector":97,"vuln_type":43,"published_date":134,"updated_date":135,"references":136,"days_to_patch":138},"CVE-2023-5971","save-as-pdf-plugin-by-pdfcrowd-authenticated-admin-stored-cross-site-scripting","Save as PDF Plugin by Pdfcrowd \u003C= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting","The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=3.1.0","3.2.0","2024-04-18 00:00:00","2024-05-16 12:42:15",[137],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F12589b0a-5067-4368-a5a8-639cf381c0a6?source=api-prod",29,{"id":140,"url_slug":141,"title":142,"description":143,"plugin_slug":4,"theme_slug":38,"affected_versions":144,"patched_in_version":145,"severity":40,"cvss_score":96,"cvss_vector":97,"vuln_type":43,"published_date":146,"updated_date":147,"references":148,"days_to_patch":150},"CVE-2024-31930","save-as-pdf-authenticated-admin-stored-cross-site-scripting","Save as PDF  \u003C= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting","The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=3.2.1","3.2.2","2024-04-10 00:00:00","2024-04-25 14:07:33",[149],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F92484681-e677-4a7b-b2df-40aad49baf44?source=api-prod",16,{"id":152,"url_slug":153,"title":154,"description":155,"plugin_slug":4,"theme_slug":38,"affected_versions":156,"patched_in_version":157,"severity":40,"cvss_score":96,"cvss_vector":97,"vuln_type":43,"published_date":158,"updated_date":159,"references":160,"days_to_patch":162},"CVE-2023-40668","save-as-pdf-plugin-by-pdfcrowd-authenticated-administrator-stored-cross-site-scripting-via-admin-settings","Save as PDF plugin by Pdfcrowd \u003C= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings","The Save as PDF plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.16.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.","\u003C=2.16.0","2.16.1","2023-08-21 00:00:00","2024-01-22 19:56:02",[161],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F52056177-8604-48b9-ab50-d0dc1e13a3d5?source=api-prod",155,{"slug":164,"display_name":7,"profile_url":8,"plugin_count":165,"total_installs":166,"avg_security_score":167,"avg_patch_time_days":168,"trust_score":169,"computed_at":170},"pdfcrowd",2,1020,95,65,85,"2026-04-04T03:55:15.397Z",[172],{"slug":173,"name":174,"version":175,"author":176,"author_profile":177,"description":178,"short_description":179,"active_installs":28,"downloaded":180,"rating":29,"num_ratings":29,"last_updated":181,"tested_up_to":16,"requires_at_least":182,"requires_php":183,"tags":184,"homepage":189,"download_link":190,"security_score":191,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"llm-markdown","LLM Markdown – Expose Content as .md","1.0.0","Michael Sablone","https:\u002F\u002Fprofiles.wordpress.org\u002Fmichaelsablone\u002F","\u003Cp>LLM Markdown exposes your public WordPress posts and pages as real \u003Ccode>.md\u003C\u002Fcode> routes.  Simply append .md to any supported post or page URL to access its Markdown representation.\u003C\u002Fp>\n\u003Cp>Each Markdown document includes structured YAML front matter and clean content extracted from the rendered HTML.\u003C\u002Fp>\n\u003Cp>Designed for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>LLM and AI ingestion\u003C\u002Fli>\n\u003Cli>Headless and hybrid workflows\u003C\u002Fli>\n\u003Cli>Content export pipelines\u003C\u002Fli>\n\u003Cli>SEO-friendly alternate representations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fexample.com\u002Fmy-post.md\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real \u003Ccode>.md\u003C\u002Fcode> URLs\u003C\u002Fli>\n\u003Cli>YAML front matter (title, dates, taxonomy, URL)\u003C\u002Fli>\n\u003Cli>Selector-based content extraction\u003C\u002Fli>\n\u003Cli>Respects password protection\u003C\u002Fli>\n\u003Cli>Optional respect for noindex\u003C\u002Fli>\n\u003Cli>Per-post-type control\u003C\u002Fli>\n\u003Cli>Caching for performance\u003C\u002Fli>\n\u003Cli>Adds \u003Ccode>\u003Clink rel=\"alternate\" type=\"text\u002Fmarkdown\">\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No Gutenberg lock-in. No content duplication. No custom post types required.\u003C\u002Fp>\n","Expose WordPress posts and pages as real .md URLs with YAML front matter for LLMs, AI ingestion, and headless workflows.",171,"2026-02-26T22:46:00.000Z","6.0","7.4",[185,20,186,187,188],"ai","headless","llm","markdown","https:\u002F\u002Fcompiledrogue.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fllm-markdown.1.0.0.zip",100,{"attackSurface":193,"codeSignals":256,"taintFlows":283,"riskAssessment":346,"analyzedAt":361},{"hooks":194,"ajaxHandlers":231,"restRoutes":245,"shortcodes":246,"cronEvents":254,"entryPointCount":102,"unprotectedCount":255},[195,201,204,205,208,211,214,217,219,222,228],{"type":196,"name":197,"callback":198,"file":199,"line":200},"action","plugins_loaded","anonymous","includes\\class-save-as-pdf-pdfcrowd.php",156,{"type":196,"name":202,"callback":198,"file":199,"line":203},"admin_enqueue_scripts",170,{"type":196,"name":202,"callback":198,"file":199,"line":180},{"type":196,"name":206,"callback":198,"file":199,"line":207},"admin_menu",172,{"type":196,"name":209,"callback":198,"file":199,"line":210},"admin_init",173,{"type":196,"name":212,"callback":198,"file":199,"line":213},"admin_notices",175,{"type":196,"name":215,"callback":198,"file":199,"line":216},"wp_enqueue_scripts",198,{"type":196,"name":215,"callback":198,"file":199,"line":218},199,{"type":196,"name":220,"callback":198,"file":199,"line":221},"init",200,{"type":223,"name":224,"callback":225,"file":226,"line":227},"filter","the_content","show_button","public\\class-save-as-pdf-pdfcrowd-public.php",67,{"type":223,"name":229,"callback":225,"file":226,"line":230},"the_excerpt",68,[232,236,239,242],{"action":233,"nopriv":234,"callback":198,"hasNonce":234,"hasCapCheck":234,"file":199,"line":235},"save_as_pdf_pdfcrowd_create_button",false,180,{"action":237,"nopriv":234,"callback":198,"hasNonce":234,"hasCapCheck":234,"file":199,"line":238},"save_as_pdf_pdfcrowd_dismiss_upgrade",183,{"action":240,"nopriv":234,"callback":240,"hasNonce":234,"hasCapCheck":234,"file":226,"line":241},"save_as_pdf_pdfcrowd",153,{"action":240,"nopriv":243,"callback":240,"hasNonce":234,"hasCapCheck":234,"file":226,"line":244},true,154,[],[247,250],{"tag":240,"callback":248,"file":226,"line":249},"save_as_pdf_pdfcrowd_shortcode",149,{"tag":251,"callback":252,"file":226,"line":253},"block_save_as_pdf_pdfcrowd","block_save_as_pdf_pdfcrowd_shortcode",151,[],4,{"dangerousFunctions":257,"sqlUsage":258,"outputEscaping":260,"fileOperations":280,"externalRequests":255,"nonceChecks":47,"capabilityChecks":281,"bundledLibraries":282},[],{"prepared":29,"raw":29,"locations":259},[],{"escaped":261,"rawEcho":262,"locations":263},76,7,[264,268,270,272,274,276,278],{"file":265,"line":266,"context":267},"admin\\partials\\save-as-pdf-pdfcrowd-admin-display.php",533,"raw output",{"file":265,"line":269,"context":267},538,{"file":265,"line":271,"context":267},595,{"file":265,"line":273,"context":267},619,{"file":199,"line":275,"context":267},258,{"file":226,"line":277,"context":267},1712,{"file":226,"line":279,"context":267},1728,3,14,[],[284,300,327,338],{"entryPoint":285,"graph":286,"unsanitizedCount":165,"severity":40},"save_as_pdf_pdfcrowd (public\\class-save-as-pdf-pdfcrowd-public.php:1597)",{"nodes":287,"edges":298},[288,293],{"id":289,"type":290,"label":291,"file":226,"line":292},"n0","source","$_POST (x2)",1607,{"id":294,"type":295,"label":296,"file":226,"line":277,"wp_function":297},"n1","sink","echo() [XSS]","echo",[299],{"from":289,"to":294,"sanitized":234},{"entryPoint":301,"graph":302,"unsanitizedCount":255,"severity":40},"\u003Cclass-save-as-pdf-pdfcrowd-public> (public\\class-save-as-pdf-pdfcrowd-public.php:0)",{"nodes":303,"edges":323},[304,307,311,314,319,321],{"id":289,"type":290,"label":305,"file":226,"line":306},"$_SERVER",1035,{"id":294,"type":295,"label":308,"file":226,"line":309,"wp_function":310},"wp_remote_post() [SSRF]",1300,"wp_remote_post",{"id":312,"type":290,"label":305,"file":226,"line":313},"n2",1015,{"id":315,"type":295,"label":316,"file":226,"line":317,"wp_function":318},"n3","wp_redirect() [Open Redirect]",1368,"wp_redirect",{"id":320,"type":290,"label":291,"file":226,"line":292},"n4",{"id":322,"type":295,"label":296,"file":226,"line":277,"wp_function":297},"n5",[324,325,326],{"from":289,"to":294,"sanitized":234},{"from":312,"to":315,"sanitized":234},{"from":320,"to":322,"sanitized":234},{"entryPoint":328,"graph":329,"unsanitizedCount":29,"severity":337},"create_sample_button (includes\\class-save-as-pdf-pdfcrowd.php:243)",{"nodes":330,"edges":335},[331,334],{"id":289,"type":290,"label":332,"file":199,"line":333},"$_POST",254,{"id":294,"type":295,"label":296,"file":199,"line":275,"wp_function":297},[336],{"from":289,"to":294,"sanitized":243},"low",{"entryPoint":339,"graph":340,"unsanitizedCount":29,"severity":337},"\u003Cclass-save-as-pdf-pdfcrowd> (includes\\class-save-as-pdf-pdfcrowd.php:0)",{"nodes":341,"edges":344},[342,343],{"id":289,"type":290,"label":332,"file":199,"line":333},{"id":294,"type":295,"label":296,"file":199,"line":275,"wp_function":297},[345],{"from":289,"to":294,"sanitized":243},{"summary":347,"deductions":348},"The save-as-pdf-by-pdfcrowd plugin, version 4.5.6, presents a mixed security posture. While it demonstrates good practices in its SQL query handling, with 100% using prepared statements and a high percentage of output escaping, several significant concerns exist. The plugin has a notable attack surface with 6 entry points, 4 of which lack any authentication checks. This is exacerbated by the presence of 2 flows with unsanitized paths, although these did not reach a critical or high severity in the taint analysis. The plugin's vulnerability history is a major red flag, with 10 known CVEs, including 1 high and 9 medium severity vulnerabilities. The fact that the last vulnerability was in 2026, while concerning for a current analysis, suggests a pattern of past security weaknesses. This history, combined with the unprotected entry points, indicates a plugin that has historically been a target and may require careful scrutiny and timely updates.\n\nDespite the positive aspects like proper SQL handling and mostly escaped output, the plugin's past indicates a susceptibility to significant vulnerabilities like deserialization, missing authorization, and cross-site scripting. The unprotected AJAX handlers are a direct pathway for potential exploitation if vulnerabilities are present. The presence of unsanitized paths, even if not leading to critical issues in this version, warrants caution. The overall risk is elevated due to the historical pattern of vulnerabilities and the exposed attack surface. Users should be particularly vigilant about updates and consider the plugin's past record when assessing its trustworthiness.",[349,351,354,357,359],{"reason":350,"points":28},"4 AJAX handlers without auth checks",{"reason":352,"points":353},"2 flows with unsanitized paths",8,{"reason":355,"points":356},"10 total known CVEs (1 high, 9 medium)",15,{"reason":358,"points":61},"1 nonce check for 6 entry points",{"reason":360,"points":280},"14 capability checks for 6 entry points","2026-03-16T19:05:00.923Z",{"wat":363,"direct":377},{"assetPaths":364,"generatorPatterns":368,"scriptPaths":369,"versionParams":372},[365,366,367],"\u002Fwp-content\u002Fplugins\u002Fsave-as-pdf-by-pdfcrowd\u002Fpublic\u002Fcss\u002Fsave-as-pdf-pdfcrowd-public.css","\u002Fwp-content\u002Fplugins\u002Fsave-as-pdf-by-pdfcrowd\u002Fpublic\u002Fcss\u002Fsave-as-pdf-pdfcrowd-indicators.css","\u002Fwp-content\u002Fplugins\u002Fsave-as-pdf-by-pdfcrowd\u002Fpublic\u002Fjs\u002Fsave-as-pdf-pdfcrowd-public.js",[],[370,371],"\u002Fwp-content\u002Fplugins\u002Fsave-as-pdf-by-pdfcrowd\u002Fadmin\u002Fjs\u002Fsave-as-pdf-pdfcrowd-admin.js","\u002Fwp-content\u002Fplugins\u002Fsave-as-pdf-by-pdfcrowd\u002Fpublic\u002Fjs\u002Fsave-as-pdf-pdfcrowd-indicators.js",[373,374,375,376],"save-as-pdf-pdfcrowd\u002Fadmin\u002Fcss\u002Fsave-as-pdf-pdfcrowd-admin.css?ver=","save-as-pdf-pdfcrowd\u002Fpublic\u002Fcss\u002Fsave-as-pdf-pdfcrowd-indicators.css?ver=","save-as-pdf-pdfcrowd\u002Fadmin\u002Fjs\u002Fsave-as-pdf-pdfcrowd-admin.js?ver=","save-as-pdf-pdfcrowd\u002Fpublic\u002Fjs\u002Fsave-as-pdf-pdfcrowd-indicators.js?ver=",{"cssClasses":378,"htmlComments":382,"htmlAttributes":383,"restEndpoints":385,"jsGlobals":386,"shortcodeOutput":387},[379,380,381],"save-as-pdf-pdfcrowd-notice","save-as-pdf-pdfcrowd-upgrade-notice","pdfcrowd-button",[],[384],"data-pdfcrowd-placeholder",[],[240],[]]