Seraphinite Post .DOCX Source Security & Risk Analysis

wordpress.org/plugins/seraphinite-post-docx-source

Save your time by automatically converting from .DOCX to content with all WordPress post attributes.

900 active installs · v2.16.15 · PHP 5.4+ · WP 4.5+ · Updated Feb 13, 2026
Tags: batch, converter, docx, importer, msword
Score: 98 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jul 11, 2024
Safety Verdict

Is Seraphinite Post .DOCX Source Safe to Use in 2026?

Generally Safe

Score 98/100

Seraphinite Post .DOCX Source has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jul 11, 2024 · Updated 1mo ago
Risk Assessment

The seraphinite-post-docx-source plugin exhibits a mixed security posture. While it has no currently unpatched CVEs, its static analysis reveals significant concerns. The presence of two AJAX handlers without authentication checks represents a substantial attack surface, leaving the plugin vulnerable to unauthorized actions. Furthermore, the use of dangerous functions like 'unserialize' and 'proc_open' combined with a low percentage of properly escaped output (27%) indicates a risk of code injection and sensitive data exposure. Taint analysis, while not revealing critical or high severity issues, did identify two flows with unsanitized paths, suggesting potential for vulnerabilities if combined with other weaknesses.

The plugin's vulnerability history shows a pattern of medium severity issues including missing authorization, SSRF, and CSRF. The recent vulnerability in July 2024, even though patched, reinforces the need for ongoing vigilance. The lack of robust authorization checks on entry points is a recurring theme in its past issues and is directly reflected in the static analysis. Despite some positive signals like the use of nonces and capability checks, the plugin's core architecture, particularly its handling of AJAX requests and potentially untrusted data, presents significant risks.

Key Concerns

  • AJAX handlers without authentication checks
  • Use of dangerous functions (unserialize, proc_open)
  • Low percentage of properly escaped output
  • Flows with unsanitized paths identified
  • Vulnerability history with missing authorization
  • Vulnerability history with SSRF
  • Vulnerability history with CSRF

Vulnerabilities: 3

Seraphinite Post .DOCX Source Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 2 CVEs

Severity Breakdown

  • Medium: 3

3 total CVEs

CVE-2024-38727 · medium · 4.3 · Missing Authorization

Seraphinite Post .DOCX Source <= 2.16.9 - Missing Authorization

Jul 11, 2024 · Patched in 2.16.10 (9d)

CVE-2024-38728 · medium · 6.4 · Server-Side Request Forgery (SSRF)

Seraphinite Post .DOCX Source <= 2.16.9 - Authenticated (Subscriber+) Server-Side Request Forgery

Jul 11, 2024 · Patched in 2.16.10 (9d)

CVE-2023-48279 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Seraphinite Post .DOCX Source <= 2.16.6 - Cross-Site Request Forgery

Nov 23, 2023 · Patched in 2.16.7 (82d)

Code Analysis
Analyzed Mar 16, 2026

Seraphinite Post .DOCX Source Code Analysis

  • Dangerous Functions: 6
  • Raw SQL Queries: 3; prepared: 2
  • Unescaped Output: 278; escaped: 105
  • Nonce Checks: 5
  • Capability Checks: 7
  • File Operations: 68
  • External Requests: 5
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize (Cmn\Gen.php:322): $v = @unserialize( $data );
  • unserialize (Cmn\Gen.php:2842): $chunk -> a = @unserialize( $chunk -> a );
  • proc_open (Cmn\Img.php:375): $hProc = @proc_open( $cmdline, array( 2 => array( 'pipe', 'w' ) ), $pipes, null, null, array( 'bypas
  • proc_open (Cmn\Img.php:729): $hProc = @proc_open( $cmdline, array( 2 => array( 'pipe', 'w' ) ), $pipes, null, null, array( 'bypas
  • proc_open (Cmn\Img.php:846): $hProc = @proc_open( $cmdline, array( 2 => array( 'pipe', 'w' ) ), $pipes, null, null, array( 'bypas
  • unserialize (Cmn\Plugin.php:163): $val = ( $val !== false ) ? @unserialize( $val ) : null;

SQL Query Safety

40% prepared · 5 total queries

Output Escaping

27% escaped · 383 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
StreamOutFileContent (Cmn\Fs.php:13)

Attack Surface: 2 unprotected

Seraphinite Post .DOCX Source Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

  • auth: wp_ajax_seraph_pds_act (Cmn\Plugin.php:493)
  • auth: wp_ajax_seraph_pds_api (Cmn\Plugin.php:589)

WordPress Hooks: 41

  • filter: safe_style_css (Cmn\Gen.php:4841)
  • filter: option_home (Cmn\Gen.php:4934)
  • filter: option_home (Cmn\Gen.php:4935)
  • filter: home_url (Cmn\Gen.php:4938)
  • filter: option_siteurl (Cmn\Gen.php:4966)
  • filter: option_siteurl (Cmn\Gen.php:4967)
  • filter: site_url (Cmn\Gen.php:4969)
  • action: requests-requests.before_request (Cmn\Gen.php:5093)
  • action: requests-requests.before_parse (Cmn\Gen.php:5094)
  • filter: home_url (Cmn\Gen.php:5932)
  • filter: wpml_get_language_from_url (Cmn\Gen.php:5937)
  • filter: home_url (Cmn\Gen.php:5942)
  • filter: load_textdomain_mofile (Cmn\Gen.php:6316)
  • filter: post_link (Cmn\Gen.php:6467)
  • action: admin_notices (Cmn\Plugin.php:483)
  • action: network_admin_notices (Cmn\Plugin.php:484)
  • action: plugins_loaded (Cmn\Plugin.php:488)
  • action: change_locale (Cmn\Plugin.php:489)
  • filter: removable_query_args (Cmn\Plugin.php:495)
  • action: admin_init (Cmn\Plugin.php:503)
  • action: seraph_pds_postOpsRes (Cmn\Plugin.php:517)
  • action: admin_enqueue_scripts (Cmn\Plugin.php:535)
  • action: wp_loaded (Cmn\Plugin.php:574)
  • filter: plugins_update_check_locales (Cmn\Plugin.php:582)
  • action: admin_post_nopriv_seraph_pds_api (Cmn\Plugin.php:584)
  • action: admin_post_seraph_pds_api (Cmn\Plugin.php:585)
  • action: admin_footer (Cmn\Plugin.php:644)
  • filter: admin_footer_text (Cmn\Plugin.php:824)
  • filter: add_post_metadata (common.php:169)
  • filter: update_post_metadata (common.php:170)
  • filter: wp_unique_filename (helper.php:587)
  • filter: pre_move_uploaded_file (helper.php:588)
  • filter: wp_handle_upload (helper.php:589)
  • filter: upload_dir (helper.php:590)
  • action: wp_enqueue_scripts (main.php:13)
  • action: admin_menu (main.php:46)
  • action: admin_init (main.php:56)
  • action: seraph_pds_postOpsRes (main.php:73)
  • action: add_meta_boxes (main.php:83)
  • action: admin_menu (main.php:106)
  • action: save_post (main.php:113)

Maintenance & Trust

Seraphinite Post .DOCX Source Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 13, 2026
PHP min version: 5.4
Downloads: 40K

Community Trust

Rating: 92/100
Number of ratings: 45
Active installs: 900

Developer Profile

Seraphinite Post .DOCX Source Developer Profile

Seraphinite Solutions

5 plugins · 61K total installs

Trust score: 84
Avg Security Score: 94/100
Avg Patch Time: 36 days
Detection Fingerprints

How We Detect Seraphinite Post .DOCX Source

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/seraphinite-post-docx-source/css/style.css
  • /wp-content/plugins/seraphinite-post-docx-source/css/admin-styles.css
  • /wp-content/plugins/seraphinite-post-docx-source/js/frontend-script.js
  • /wp-content/plugins/seraphinite-post-docx-source/js/admin-script.js

Script Paths

  • /wp-content/plugins/seraphinite-post-docx-source/js/frontend-script.js
  • /wp-content/plugins/seraphinite-post-docx-source/js/admin-script.js

Version Parameters

  • seraphinite-post-docx-source/css/style.css?ver=
  • seraphinite-post-docx-source/css/admin-styles.css?ver=
  • seraphinite-post-docx-source/js/frontend-script.js?ver=
  • seraphinite-post-docx-source/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • seraph-pds-frontend-container
  • seraph-pds-admin-container

HTML Comments

  • <!-- Seraphinite Post .DOCX Source Plugin Start -->
  • <!-- Seraphinite Post .DOCX Source Plugin End -->

Data Attributes

  • data-seraph-pds-post-id
  • data-seraph-pds-nonce

JS Globals

  • seraphPDSFrontend
  • seraphPDSAdmin

REST Endpoints

  • /wp-json/seraph-pds/v1/save-post-data