Does SmartDoc to Post Importer have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is SmartDoc to Post Importer compatible with WordPress 6.8.5?

According to WordPress.org data, SmartDoc to Post Importer 1.0.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is SmartDoc to Post Importer compatible with PHP 7.4+?

SmartDoc to Post Importer requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SmartDoc to Post Importer updated?

SmartDoc to Post Importer was last updated on Oct 8, 2025. Frequent updates are generally a positive security signal.

What is SmartDoc to Post Importer's security score?

SmartDoc to Post Importer has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SmartDoc to Post Importer Security & Risk Analysis

wordpress.org/plugins/smartdoc-to-post-importer

Import Word documents into WordPress while preserving links, lists, formatting, images, tables, and more.

200 active installs v1.0.3 PHP 7.4+ WP 5.0+ Updated Oct 8, 2025

documentdocxformattingimportword

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is SmartDoc to Post Importer Safe to Use in 2026?

Generally Safe

Score 100/100

SmartDoc to Post Importer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The "smartdoc-to-post-importer" plugin v1.0.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and a high percentage of proper output escaping. The absence of known CVEs and vulnerabilities in its history is also a strong indicator of a well-maintained codebase. However, there are significant areas of concern that detract from its overall security.

The plugin exposes a notable attack surface with 5 AJAX handlers, one of which lacks any authentication checks. This creates a direct pathway for unauthenticated attackers to interact with potentially sensitive functionality. Furthermore, the presence of the `unserialize` function, especially without context on how its input is sanitized, poses a risk for unserialization vulnerabilities if user-controlled data is passed to it.

While the taint analysis did not reveal critical or high-severity issues, the presence of two flows with unsanitized paths warrants attention, as these could be leveraged in combination with other weaknesses. The vulnerability history is clean, which is a good sign, but it doesn't negate the immediate risks identified in the static analysis. In conclusion, the plugin has strengths in its handling of database queries and output, but the unprotected AJAX endpoint and the use of `unserialize` represent critical security weaknesses that require immediate remediation.

Key Concerns

AJAX handler without authentication
Use of dangerous function (unserialize)
Flows with unsanitized paths

Vulnerabilities

None known

SmartDoc to Post Importer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

SmartDoc to Post Importer Release Timeline

v1.0.3Current

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

SmartDoc to Post Importer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

141 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$parsed_content = unserialize($decoded_content);includes\class-admin.php:386

unserialize$parsed_content = unserialize($decoded_content);includes\document-code-core.php:874

Output Escaping

93% escaped151 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths

smartdocpost_handle_word_upload (includes\document-code-core.php:62)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

SmartDoc to Post Importer Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 5

authwp_ajax_smartdocpost_upload_filesmartdoc-to-post-importer.php:99

noprivwp_ajax_smartdocpost_upload_filesmartdoc-to-post-importer.php:100

authwp_ajax_smartdocpost_import_contentsmartdoc-to-post-importer.php:102

noprivwp_ajax_smartdocpost_import_contentsmartdoc-to-post-importer.php:103

authwp_ajax_smartdocpost_get_taxonomiessmartdoc-to-post-importer.php:105

WordPress Hooks 4

actionadmin_enqueue_scriptsincludes\class-admin.php:23

actioninitsmartdoc-to-post-importer.php:57

actionadmin_menusmartdoc-to-post-importer.php:61

actionadmin_enqueue_scriptssmartdoc-to-post-importer.php:79

Maintenance & Trust

SmartDoc to Post Importer Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 8, 2025

PHP min version7.4

Downloads1K

Community Trust

Rating100/100

Number of ratings2

Active installs200

Alternatives

SmartDoc to Post Importer Alternatives

Hoo Docx Document File Importer

hoo-document-importer

Hoo Docx Document File Importer converts the content of the docx file into HTML and inserts it into the posts and pages editor.

200 No CVEs

Seraphinite Post .DOCX Source

seraphinite-post-docx-source

Save your time by automatically converting from .DOCX to content with all WordPress post attributes.

900 3 CVEs

BlogSync – Convert & Publish Google Docs to WordPress

blogsync

100

Connect your WordPress site to BlogSync for document-to-post publishing via the BlogSync dashboard.

0 No CVEs

Trendly Content Extractor – DOCX to WordPress Post Converter

trendly-content-extractor

100

The #1 doc to post converter plugin. Import docx files to WordPress automatically. Convert Word documents to posts with images & SEO optimization.

0 No CVEs

All-in-One WP Migration and Backup

all-in-one-wp-migration

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs

Developer Profile

SmartDoc to Post Importer Developer Profile

Ankur

1 plugin · 200 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect SmartDoc to Post Importer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smartdoc-to-post-importer/assets/css/smartdocpost-admin.css/wp-content/plugins/smartdoc-to-post-importer/assets/js/smartdocpost-admin.js/wp-content/plugins/smartdoc-to-post-importer/assets/js/jquery.tinyscrollbar.min.js/wp-content/plugins/smartdoc-to-post-importer/assets/js/jquery.validate.min.js

Script Paths

/wp-content/plugins/smartdoc-to-post-importer/assets/js/smartdocpost-admin.js/wp-content/plugins/smartdoc-to-post-importer/assets/js/jquery.tinyscrollbar.min.js/wp-content/plugins/smartdoc-to-post-importer/assets/js/jquery.validate.min.js

Version Parameters

smartdoc-to-post-importer/assets/css/smartdocpost-admin.css?ver=smartdoc-to-post-importer/assets/js/smartdocpost-admin.js?ver=smartdoc-to-post-importer/assets/js/jquery.tinyscrollbar.min.js?ver=smartdoc-to-post-importer/assets/js/jquery.validate.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

smartdocpost-upload-formsmartdocpost-import-settingssmartdocpost-file-input-wrapper

Data Attributes

data-smartdocpost-action

JS Globals

smartdocpost_ajax_object

FAQ