Word to html Security & Risk Analysis

wordpress.org/plugins/word-to-html

Display some html from one or more word files from your local webserver or an external webserver.

20 active installs · v1.1 · PHP 5.2.4+ · WP 3.0.1+ · Updated Jul 19, 2019
convert, converter, docx, word-into-html, word-to-html
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Word to html Safe to Use in 2026?

Generally Safe

Score 85/100

Word to html has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "word-to-html" v1.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no known historical vulnerabilities. The attack surface is minimal, with only one shortcode entry point and no unprotected AJAX handlers or REST API routes.

However, significant concerns arise from the code analysis. The most critical finding is that 0% of its 15 output points are properly escaped. This means any data processed and displayed by the plugin is potentially vulnerable to Cross-Site Scripting (XSS) attacks, allowing an attacker to inject malicious scripts into a user's browser.

Furthermore, the plugin has zero nonce checks and zero capability checks. While the static analysis shows no unprotected entry points based on these checks directly, the lack of them in general is a concerning oversight. This, combined with the unescaped output, indicates a potential weakness that could be exploited if an attacker finds a way to trigger the shortcode with malicious input. The absence of critical or high-severity taint flows is a positive sign, but it doesn't mitigate the immediate threat posed by the unescaped output.

Key Concerns

  • 0% of outputs properly escaped
  • 0 Nonce checks
  • 0 Capability checks
Vulnerabilities
None known

Word to html Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Word to html Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 15 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 3
External Requests: 1
Bundled Libraries: 0

Output Escaping

0% escaped · 15 total outputs
Attack Surface

Word to html Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[wordtohtml_create] wordtohtml.php:94

WordPress Hooks: 2

action init wordtohtml.php:38
action admin_menu wordtohtml.php:95
Maintenance & Trust

Word to html Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Jul 19, 2019
PHP min version: 5.2.4
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Word to html Developer Profile

wibergsweb

2 plugins · 320 total installs

Trust score: 82
Avg Security Score: 91/100
Avg Patch Time: 55 days
Detection Fingerprints

How We Detect Word to html

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/word-to-html/css/wibergsweb.css

HTML / DOM Fingerprints

CSS Classes: wrap
Data Attributes: wordtohtml_create
Shortcode Output: [wordtohtml_create html_class="wordtohtml" source_files="sweden.docx" path="maps"]
FAQ

Frequently Asked Questions about Word to html