WP Document Revisions Security & Risk Analysis

wordpress.org/plugins/wp-document-revisions

A document management and version control plugin for WordPress that allows teams of any size to collaboratively edit files and manage their workflow.

2K active installs v3.8.1 PHP + WP 4.9+ Updated Dec 26, 2025
collaboration, document-management, documents, revisions, version-control
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 25, 2025
Safety Verdict

Is WP Document Revisions Safe to Use in 2026?

Generally Safe

Score 99/100

WP Document Revisions has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 25, 2025 · Updated 3mo ago
Risk Assessment

The "wp-document-revisions" v3.8.1 plugin exhibits a generally good security posture with several strong practices in place. The vast majority of SQL queries are prepared, and a high percentage of output is properly escaped, indicating developers are aware of common web vulnerabilities. The presence of numerous capability checks and nonces suggests a commitment to securing entry points. However, the analysis reveals a critical weakness in its attack surface: one unprotected REST API route. This represents a significant risk, as it could be exploited by unauthenticated users to perform unintended actions or gain access to sensitive information. Furthermore, a taint analysis revealed a flow with unsanitized paths, and a critical severity taint, which could lead to path traversal or file manipulation vulnerabilities if not properly handled. The vulnerability history shows a single medium-severity CVE, specifically related to missing authorization, which aligns with the identified unprotected REST API route. While there are no currently unpatched CVEs, this pattern of missing authorization highlights a recurring concern that needs to be addressed to prevent future exploitable vulnerabilities.

Key Concerns

  • REST API route without permission callbacks
  • Flow with unsanitized paths (taint analysis)
  • Critical severity taint flow
  • One unprotected entry point (total)
Vulnerabilities
1

WP Document Revisions Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-68585 · medium · 4.3 · Missing Authorization

Document Revisions <= 3.7.2 - Missing Authorization

Dec 25, 2025 Patched in 3.8.0 (13d)
Code Analysis
Analyzed Mar 16, 2026

WP Document Revisions Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (28 prepared)
Unescaped Output: 29 (192 escaped)
Nonce Checks: 8
Capability Checks: 37
File Operations: 8
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

97% prepared · 29 total queries

Output Escaping

87% escaped · 221 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
update_post_slug_field (includes\class-wp-document-revisions.php:3343)
Attack Surface
1 unprotected

WP Document Revisions Attack Surface

Entry Points: 5
Unprotected: 1

AJAX Handlers 2

auth wp_ajax_sample-permalink includes\class-wp-document-revisions.php:193
auth wp_ajax_override_lock includes\class-wp-document-revisions.php:211

REST API Routes 1

GET /wp-json/wpdr/v1/correct/(?P<id>[\d]+)/type/(?P<code>[\d]+)/attach/(?P<parm>[\d]+) includes\class-wp-document-revisions-validate-structure.php:230

Shortcodes 2

[document_revisions] includes\class-wp-document-revisions-front-end.php:57
[documents] includes\class-wp-document-revisions-front-end.php:58
WordPress Hooks 136
filter post_updated_messages includes\class-wp-document-revisions-admin.php:74
action admin_head includes\class-wp-document-revisions-admin.php:75
action admin_head includes\class-wp-document-revisions-admin.php:78
action set_object_terms includes\class-wp-document-revisions-admin.php:79
action save_post_document includes\class-wp-document-revisions-admin.php:80
action admin_init includes\class-wp-document-revisions-admin.php:81
action _wp_put_post_revision includes\class-wp-document-revisions-admin.php:82
filter wp_save_post_revision_post_has_changed includes\class-wp-document-revisions-admin.php:83
filter default_hidden_meta_boxes includes\class-wp-document-revisions-admin.php:84
action admin_print_footer_scripts includes\class-wp-document-revisions-admin.php:85
action admin_head includes\class-wp-document-revisions-admin.php:86
action admin_head includes\class-wp-document-revisions-admin.php:87
filter media_upload_tabs includes\class-wp-document-revisions-admin.php:88
filter use_block_editor_for_post includes\class-wp-document-revisions-admin.php:90
action edit_form_after_title includes\class-wp-document-revisions-admin.php:91
filter wp_editor_settings includes\class-wp-document-revisions-admin.php:92
filter tiny_mce_before_init includes\class-wp-document-revisions-admin.php:93
filter manage_document_posts_columns includes\class-wp-document-revisions-admin.php:96
filter manage_document_posts_columns includes\class-wp-document-revisions-admin.php:97
action manage_document_posts_custom_column includes\class-wp-document-revisions-admin.php:98
action restrict_manage_posts includes\class-wp-document-revisions-admin.php:99
filter parse_query includes\class-wp-document-revisions-admin.php:100
filter wp_dropdown_users_args includes\class-wp-document-revisions-admin.php:101
action admin_init includes\class-wp-document-revisions-admin.php:104
action update_wpmu_options includes\class-wp-document-revisions-admin.php:105
action update_wpmu_options includes\class-wp-document-revisions-admin.php:106
action update_wpmu_options includes\class-wp-document-revisions-admin.php:107
action wpmu_options includes\class-wp-document-revisions-admin.php:108
action network_admin_notices includes\class-wp-document-revisions-admin.php:109
filter wp_redirect includes\class-wp-document-revisions-admin.php:110
action show_user_profile includes\class-wp-document-revisions-admin.php:113
action personal_options_update includes\class-wp-document-revisions-admin.php:114
action edit_user_profile_update includes\class-wp-document-revisions-admin.php:115
action admin_enqueue_scripts includes\class-wp-document-revisions-admin.php:118
action admin_init includes\class-wp-document-revisions-admin.php:121
filter ajax_query_attachments_args includes\class-wp-document-revisions-admin.php:122
action before_delete_post includes\class-wp-document-revisions-admin.php:125
action delete_post includes\class-wp-document-revisions-admin.php:126
action init includes\class-wp-document-revisions-admin.php:129
filter admin_body_class includes\class-wp-document-revisions-admin.php:132
action wp_dashboard_setup includes\class-wp-document-revisions-admin.php:135
action admin_notices includes\class-wp-document-revisions-admin.php:318
action admin_notices includes\class-wp-document-revisions-admin.php:321
action shutdown includes\class-wp-document-revisions-admin.php:786
action pre_user_query includes\class-wp-document-revisions-admin.php:1240
filter pre_delete_post includes\class-wp-document-revisions-admin.php:1535
filter posts_join_paged includes\class-wp-document-revisions-admin.php:1699
filter posts_where_paged includes\class-wp-document-revisions-admin.php:1700
filter posts_join_paged includes\class-wp-document-revisions-admin.php:1712
filter posts_where_paged includes\class-wp-document-revisions-admin.php:1713
filter pre_delete_post includes\class-wp-document-revisions-admin.php:1737
filter upload_dir includes\class-wp-document-revisions-admin.php:1873
filter wp_delete_file includes\class-wp-document-revisions-admin.php:1874
filter upload_dir includes\class-wp-document-revisions-admin.php:1894
filter wp_delete_file includes\class-wp-document-revisions-admin.php:1895
filter document_shortcode_atts includes\class-wp-document-revisions-front-end.php:59
action wp_loaded includes\class-wp-document-revisions-front-end.php:62
action wp_enqueue_scripts includes\class-wp-document-revisions-front-end.php:65
filter block_categories_all includes\class-wp-document-revisions-front-end.php:554
filter rest_request_before_callbacks includes\class-wp-document-revisions-manage-rest.php:46
filter rest_prepare_document includes\class-wp-document-revisions-manage-rest.php:49
filter rest_prepare_revision includes\class-wp-document-revisions-manage-rest.php:50
filter rest_prepare_attachment includes\class-wp-document-revisions-manage-rest.php:51
action admin_menu includes\class-wp-document-revisions-validate-structure.php:174
action admin_enqueue_scripts includes\class-wp-document-revisions-validate-structure.php:176
action rest_api_init includes\class-wp-document-revisions-validate-structure.php:177
filter get_attached_file includes\class-wp-document-revisions-validate-structure.php:322
filter get_attached_file includes\class-wp-document-revisions-validate-structure.php:381
filter get_attached_file includes\class-wp-document-revisions-validate-structure.php:490
filter get_attached_file includes\class-wp-document-revisions-validate-structure.php:895
action plugins_loaded includes\class-wp-document-revisions.php:130
action init includes\class-wp-document-revisions.php:131
action admin_notices includes\class-wp-document-revisions.php:132
action init includes\class-wp-document-revisions.php:135
action init includes\class-wp-document-revisions.php:136
action admin_init includes\class-wp-document-revisions.php:137
filter update_post_term_count_statuses includes\class-wp-document-revisions.php:144
action admin_init includes\class-wp-document-revisions.php:146
filter the_content includes\class-wp-document-revisions.php:148
action pre_get_posts includes\class-wp-document-revisions.php:151
action generate_rewrite_rules includes\class-wp-document-revisions.php:173
filter mod_rewrite_rules includes\class-wp-document-revisions.php:174
filter rewrite_rules_array includes\class-wp-document-revisions.php:176
filter transient_rewrite_rules includes\class-wp-document-revisions.php:177
action init includes\class-wp-document-revisions.php:178
action post_type_link includes\class-wp-document-revisions.php:179
action post_link includes\class-wp-document-revisions.php:180
filter template_include includes\class-wp-document-revisions.php:181
filter serve_document_auth includes\class-wp-document-revisions.php:182
action parse_request includes\class-wp-document-revisions.php:183
filter query_vars includes\class-wp-document-revisions.php:184
filter default_feed includes\class-wp-document-revisions.php:185
action do_feed_revision_log includes\class-wp-document-revisions.php:186
action template_redirect includes\class-wp-document-revisions.php:187
filter get_sample_permalink_html includes\class-wp-document-revisions.php:188
filter wp_get_attachment_url includes\class-wp-document-revisions.php:189
filter image_downsize includes\class-wp-document-revisions.php:190
filter document_path includes\class-wp-document-revisions.php:191
filter redirect_canonical includes\class-wp-document-revisions.php:192
filter private_title_format includes\class-wp-document-revisions.php:196
filter protected_title_format includes\class-wp-document-revisions.php:197
filter the_title includes\class-wp-document-revisions.php:198
filter attachment_link includes\class-wp-document-revisions.php:201
filter get_attached_file includes\class-wp-document-revisions.php:202
filter wp_handle_upload_prefilter includes\class-wp-document-revisions.php:203
filter wp_handle_upload includes\class-wp-document-revisions.php:204
filter wp_generate_attachment_metadata includes\class-wp-document-revisions.php:206
action save_post_document includes\class-wp-document-revisions.php:214
action ef_module_options_loaded includes\class-wp-document-revisions.php:217
action pp_statuses_init includes\class-wp-document-revisions.php:218
action init includes\class-wp-document-revisions.php:220
filter get_the_excerpt includes\class-wp-document-revisions.php:223
filter get_next_post_where includes\class-wp-document-revisions.php:226
filter get_previous_post_where includes\class-wp-document-revisions.php:227
filter pre_delete_post includes\class-wp-document-revisions.php:230
filter wp_revisions_to_keep includes\class-wp-document-revisions.php:233
action widgets_init includes\class-wp-document-revisions.php:246
action init includes\class-wp-document-revisions.php:247
action rest_api_init includes\class-wp-document-revisions.php:255
filter posts_results includes\class-wp-document-revisions.php:559
filter post_thumbnail_size includes\class-wp-document-revisions.php:578
filter wp_get_attachment_url includes\class-wp-document-revisions.php:1408
filter wp_get_attachment_url includes\class-wp-document-revisions.php:1822
filter upload_dir includes\class-wp-document-revisions.php:2053
filter manage_document_posts_columns includes\class-wp-document-revisions.php:2864
action manage_document_posts_custom_column includes\class-wp-document-revisions.php:2865
filter query_vars includes\class-wp-document-revisions.php:2868
filter document_use_workflow_states includes\class-wp-document-revisions.php:2872
filter manage_document_posts_columns includes\class-wp-document-revisions.php:2990
action manage_document_posts_custom_column includes\class-wp-document-revisions.php:2991
filter query_vars includes\class-wp-document-revisions.php:2994
filter document_use_workflow_states includes\class-wp-document-revisions.php:2998
filter query includes\class-wp-document-revisions.php:3216
filter image_downsize includes\class-wp-document-revisions.php:3411
filter wp_get_attachment_url includes\class-wp-document-revisions.php:3412
filter nocache_headers includes\class-wp-document-revisions.php:3595
Maintenance & Trust

WP Document Revisions Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 26, 2025
PHP min version
Downloads: 170K

Community Trust

Rating: 74/100
Number of ratings: 23
Active installs: 2K
Developer Profile

WP Document Revisions Developer Profile

Ben Balter

7 plugins · 3K total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 13 days
Detection Fingerprints

How We Detect WP Document Revisions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-document-revisions/css/wp-document-revisions-admin.css
/wp-content/plugins/wp-document-revisions/css/wp-document-revisions-editor.css
/wp-content/plugins/wp-document-revisions/css/wp-document-revisions-public.css
/wp-content/plugins/wp-document-revisions/js/wp-document-revisions-admin.js
/wp-content/plugins/wp-document-revisions/js/wp-document-revisions-editor.js
/wp-content/plugins/wp-document-revisions/js/wp-document-revisions-public.js
Script Paths
/wp-content/plugins/wp-document-revisions/js/wp-document-revisions-admin.js
/wp-content/plugins/wp-document-revisions/js/wp-document-revisions-editor.js
/wp-content/plugins/wp-document-revisions/js/wp-document-revisions-public.js
Version Parameters
wp-document-revisions/css/wp-document-revisions-admin.css?ver=
wp-document-revisions/css/wp-document-revisions-editor.css?ver=
wp-document-revisions/css/wp-document-revisions-public.css?ver=
wp-document-revisions/js/wp-document-revisions-admin.js?ver=
wp-document-revisions/js/wp-document-revisions-editor.js?ver=
wp-document-revisions/js/wp-document-revisions-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpdr-document-editing
wpdr-editor-toolbar
HTML Comments
<!-- WP Document Revisions -->
<!-- Last revision: -->
<!-- Last but one revision: -->
<!-- Document attachments -->
Data Attributes
data-wpdr-revision-id
data-wpdr-post-id
JS Globals
wpdr_admin_params
wpdr_editor_params