Ultimate Markdown – Markdown Editor, Importer, & Exporter Security & Risk Analysis

wordpress.org/plugins/ultimate-markdown

Generate block-based articles from a Markdown file, bulk import and export Markdown documents, create Markdown documents from an editor, and more.

1K active installs · v1.24 · PHP 5.3+ · WP 5.0+ · Updated Mar 8, 2026
Tags: export-markdown, front-matter, import-markdown, markdown, markdown-editor
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Ultimate Markdown – Markdown Editor, Importer, & Exporter Safe to Use in 2026?

Generally Safe

Score 100/100

Ultimate Markdown – Markdown Editor, Importer, & Exporter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 26d ago
Risk Assessment

The "ultimate-markdown" v1.24 plugin exhibits a strong security posture based on the provided static analysis. All identified entry points (AJAX handlers and REST API routes) appear to have appropriate authentication and permission checks, which is a significant strength. The high percentage of prepared statements for SQL queries and the exceptionally high rate of output escaping suggest good development practices aimed at preventing common web vulnerabilities. The absence of file operations and external HTTP requests further reduces the attack surface. Furthermore, the plugin has no recorded vulnerabilities (CVEs), indicating a history of stable and likely secure development.

While the static analysis reveals a very positive security profile, there are two "flows with unsanitized paths" identified in the taint analysis. Although these are not classified as critical or high severity, they represent potential avenues for attackers to inject or manipulate data if not handled correctly upstream or downstream from these flows. The specific nature and impact of these unsanitized paths are not detailed, but they warrant attention. The presence of nonce checks and capability checks at a decent rate is also positive, reinforcing the security mechanisms. Overall, the plugin is in a good security state, with the taint analysis identifying the primary area for potential investigation and improvement.

Key Concerns

  • Flows with unsanitized paths
Vulnerabilities: None known

Ultimate Markdown – Markdown Editor, Importer, & Exporter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ultimate Markdown – Markdown Editor, Importer, & Exporter Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 9 (17 prepared)
  • Unescaped Output: 10 (271 escaped)
  • Nonce Checks: 9
  • Capability Checks: 11
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

65% prepared · 26 total queries

Output Escaping

96% escaped · 281 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
display_crud_menu (admin\inc\menu\class-daextulma-menu-elements.php:1321)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; paths marked Unsanitized or Sanitized]
Attack Surface

Ultimate Markdown – Markdown Editor, Importer, & Exporter Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers: 3

  • auth · wp_ajax_daextulma_import_document · class-daextulma-ajax.php:43
  • auth · wp_ajax_daextulma_load_document · class-daextulma-ajax.php:44
  • auth · wp_ajax_daextulma_submit_markdown · class-daextulma-ajax.php:45

REST API Routes: 3

  • POST /wp-json/ultimate-markdown/v1/read-options/ · rest\class-daextulma-rest.php:83
  • POST /wp-json/ultimate-markdown/v1/options · rest\class-daextulma-rest.php:94
  • POST /wp-json/ultimate-markdown/v1/parse-markdown · rest\class-daextulma-rest.php:105

WordPress Hooks: 22

  • action · admin_enqueue_scripts · admin\class-daextulma-admin.php:71
  • action · admin_enqueue_scripts · admin\class-daextulma-admin.php:72
  • action · admin_menu · admin\class-daextulma-admin.php:75
  • action · wpmu_new_blog · admin\class-daextulma-admin.php:78
  • action · delete_blog · admin\class-daextulma-admin.php:81
  • action · init · admin\class-daextulma-admin.php:92
  • action · init · admin\class-daextulma-admin.php:95
  • action · init · admin\inc\class-daextulma-export.php:36
  • action · add_meta_boxes · admin\inc\class-daextulma-meta-boxes.php:36
  • action · admin_enqueue_scripts · admin\inc\class-daextulma-meta-boxes.php:39
  • action · admin_init · admin\inc\menu\class-daextulma-menu-elements.php:125
  • action · admin_init · admin\inc\menu\class-daextulma-menu-elements.php:126
  • action · admin_init · admin\inc\menu\class-daextulma-menu-elements.php:127
  • action · admin_init · admin\inc\menu\class-daextulma-menu-elements.php:131
  • action · enqueue_block_editor_assets · blocks\src\init.php:72
  • action · init · blocks\src\init.php:115
  • action · plugins_loaded · init.php:30
  • action · plugins_loaded · init.php:47
  • action · plugins_loaded · init.php:52
  • action · plugins_loaded · init.php:68
  • action · init · init.php:95
  • action · rest_api_init · rest\class-daextulma-rest.php:54
Maintenance & Trust

Ultimate Markdown – Markdown Editor, Importer, & Exporter Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 8, 2026
  • PHP min version: 5.3
  • Downloads: 26K

Community Trust

  • Rating: 80/100
  • Number of ratings: 10
  • Active installs: 1K
Developer Profile

Ultimate Markdown – Markdown Editor, Importer, & Exporter Developer Profile

DAEXT

13 plugins · 30K total installs

  • Trust score: 78
  • Avg Security Score: 99/100
  • Avg Patch Time: 101 days
Detection Fingerprints

How We Detect Ultimate Markdown – Markdown Editor, Importer, & Exporter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ultimate-markdown/admin/css/admin.css
  • /wp-content/plugins/ultimate-markdown/admin/js/admin.js
  • /wp-content/plugins/ultimate-markdown/blocks/build/index.js
  • /wp-content/plugins/ultimate-markdown/blocks/build/index.css
Script Paths
  • /wp-content/plugins/ultimate-markdown/admin/js/admin.js
  • /wp-content/plugins/ultimate-markdown/blocks/build/index.js
Version Parameters
  • ultimate-markdown/admin/css/admin.css?ver=
  • ultimate-markdown/admin/js/admin.js?ver=
  • ultimate-markdown/blocks/build/index.js?ver=
  • ultimate-markdown/blocks/build/index.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • daextulma-document-editor
  • daextulma-meta-box-wrapper
  • daextulma-export-wrapper
  • daextulma-import-wrapper
  • daextulma-admin-toolbar-wrapper
HTML Comments
  • <!-- Ultimate Markdown Block -->
  • <!-- Generated by Ultimate Markdown -->
Data Attributes
  • data-daextulma-block-id
  • data-daextulma-editor-settings
  • data-daextulma-meta-box-id
JS Globals
  • daextulma_admin
  • daextulma_blocks
REST Endpoints
  • /wp-json/daextulma/v1/save-meta
  • /wp-json/daextulma/v1/get-post-meta
FAQ

Frequently Asked Questions about Ultimate Markdown – Markdown Editor, Importer, & Exporter