Does WP-KaTeX have any unpatched vulnerabilities?

No. All known vulnerabilities in WP-KaTeX have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP-KaTeX compatible with WordPress 5.2.24?

According to WordPress.org data, WP-KaTeX 1.11.0 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is WP-KaTeX compatible with PHP 5.3+?

WP-KaTeX requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP-KaTeX updated?

WP-KaTeX was last updated on Aug 14, 2019. Frequent updates are generally a positive security signal.

What is WP-KaTeX's security score?

WP-KaTeX has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP-KaTeX Security & Risk Analysis

wordpress.org/plugins/wp-katex

Integrates the super-fast KaTeX LaTeX equation typesetting engine with WordPress. Create beautiful, yet performant math in your posts and pages.

800 active installs v1.11.0 PHP 5.3+ WP 3.9+ Updated Aug 14, 2019

equationkatexlatexmathmathjax

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP-KaTeX Safe to Use in 2026?

Generally Safe

Score 85/100

WP-KaTeX has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The wp-katex plugin version 1.11.0 exhibits a generally good security posture based on the provided static analysis. There are no detected dangerous functions, SQL queries are all prepared, and no file operations or external HTTP requests are made, which significantly reduces the attack surface. The absence of any recorded vulnerabilities in its history is also a positive indicator.

However, a critical concern arises from the output escaping results, where 100% of the outputs are not properly escaped. This means that any data processed or displayed by the plugin could potentially be vulnerable to cross-site scripting (XSS) attacks if user-supplied input is not adequately sanitized before being rendered. While the plugin has a limited attack surface with only one shortcode and no unprotected entry points identified, the lack of output escaping on its sole output presents a significant risk that needs immediate attention.

In conclusion, while the plugin avoids common pitfalls like raw SQL or insecure AJAX/REST API endpoints, the complete lack of output escaping is a major weakness. This oversight could allow for serious security vulnerabilities, outweighing the plugin's otherwise clean code signals and vulnerability history. It is strongly recommended that the developer prioritize implementing proper output sanitization for all data handled by the plugin.

Key Concerns

Output escaping is not properly implemented

Vulnerabilities

None known

WP-KaTeX Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP-KaTeX Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

WP-KaTeX Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[latex] scripts\frontend.php:41

WordPress Hooks 5

actionadmin_menuscripts\admin.php:4

actionadmin_initscripts\admin.php:5

actioninitscripts\frontend.php:21

actionwp_footerscripts\frontend.php:52

filterno_texturize_shortcodesscripts\frontend.php:60

Maintenance & Trust

WP-KaTeX Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedAug 14, 2019

PHP min version5.3

Downloads22K

Community Trust

Rating92/100

Number of ratings11

Active installs800

Alternatives

WP-KaTeX Alternatives

KaTeX

katex

100

Use the fastest math typesetting library on your website.

2K No CVEs

$Youngwhan's Simple Latex$

Youngwhan's Simple Latex

youngwhans-simple-latex

The usage is simple.

200 No CVEs

$MathJax-LaTeX$

MathJax-LaTeX

mathjax-latex

This plugin enables MathJax (http://www.mathjax.org) functionality for WordPress (http://www.wordpress.org).

10K 1 CVE

WP QuickLaTeX

wp-quicklatex

Advanced LaTeX plugin. Native LaTeX syntax. Allows custom preamble, TikZ and other packages. Zoom-independent visual quality (SVG).

5K 2 CVEs

Simple Mathjax

simple-mathjax

100

Yet another plugin to add MathJax support to your wordpress blog. Just wrap your equations inside $ signs and MathJax will render them visually.

4K No CVEs

Developer Profile

WP-KaTeX Developer Profile

ascom

1 plugin · 800 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP-KaTeX

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-katex/assets/katex.min.css/wp-content/plugins/wp-katex/assets/katex.min.js

Version Parameters

wp-katex/assets/katex.min.css?ver=wp-katex/assets/katex.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-katex-eqkatex-display

Data Attributes

data-display

Shortcode Output

<span class="wp-katex-eq" data-display="false"><span class="wp-katex-eq katex-display" data-display="true">

FAQ