WP LaTeX Security & Risk Analysis

wordpress.org/plugins/wp-latex

WP LaTeX creates PNG images from inline $\LaTeX$ code in your posts and comments.

800 active installs · v1.9.3 · PHP + WP 3.2+ · Updated Nov 18, 2025
Tags: equations, latex, math, wordpress-com
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP LaTeX Safe to Use in 2026?

Generally Safe

Score 100/100

WP LaTeX has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The wp-latex plugin version 1.9.3 presents a generally good security posture, primarily due to its lack of known vulnerabilities and its diligent use of prepared statements for SQL queries. The absence of any recorded CVEs, historical or current, is a significant strength, indicating a well-maintained or less-targeted codebase. The plugin also demonstrates good practices in output escaping, with a majority of outputs being properly handled.

However, a notable concern arises from the presence of 17 instances of the `exec` function, which is a dangerous function that can be exploited to execute arbitrary commands on the server if user-supplied input is passed to it without proper sanitization. While taint analysis shows no current exploitable flows, the potential for misuse of `exec` represents a significant risk that requires careful monitoring and code review. The limited attack surface, with no unprotected entry points, is a positive aspect, but the reliance on capability checks for only two entry points and a single nonce check might leave some functionality vulnerable if the `exec` function is ever triggered with untrusted input.

Key Concerns

  • Presence of dangerous function 'exec'
  • Limited capability checks for entry points
  • Only one nonce check observed
Vulnerabilities
None known

WP LaTeX Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP LaTeX Code Analysis

Dangerous Functions: 17
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 13 (30 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 11
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • exec (automattic-latex-dvipng.php:226): exec( AUTOMATTIC_LATEX_LATEX_PATH . ' --halt-on-error --version > /dev/null 2>&1', $latex_test, $v )
  • exec (automattic-latex-dvipng.php:228): exec( AUTOMATTIC_LATEX_LATEX_PATH . ' --jobname foo --version < /dev/null >/dev/null 2>&1', $latex_t
  • exec (automattic-latex-dvipng.php:231): exec( "$latex_exec > /dev/null 2>&1", $latex_out, $l );
  • exec (automattic-latex-dvipng.php:257): exec( "$dvipng_exec > /dev/null 2>&1", $dvipng_out, $d );
  • exec (automattic-latex-dvips.php:26): exec( "$dvips_exec > /dev/null 2>&1", $dvips_out, $dps );
  • exec (automattic-latex-dvips.php:73): exec( "$convert_exec > /dev/null 2>&1", $convert_out, $c );
  • exec (wp-latex-admin.php:183): exec( 'mv ' . escapeshellarg( "$latex_object->tmp_file.log" ) . ' ' . WP_CONTENT_DIR . '/latex/test.
  • exec (wp-latex-admin.php:190): exec( $exec, $out, $r );
  • exec (wp-latex-admin.php:204): exec( 'mv ' . escapeshellarg( "$latex_object->file" ) . ' ' . WP_CONTENT_DIR . '/latex/test.png' );
  • exec (wp-latex-admin.php:328): $guess_latex_path = trim( @exec( 'which latex' ) );
  • exec (wp-latex-admin.php:340): $guess_dvipng_path = trim( @exec( 'which dvipng' ) );
  • exec (wp-latex-admin.php:352): $guess_dvips_path = trim( @exec( 'which dvips' ) );
  • exec (wp-latex-admin.php:364): $guess_convert_path = trim( @exec( 'which convert' ) );
  • exec (wp-latex-admin.php:451): $latex_path = trim( @exec( 'which latex' ) );
  • exec (wp-latex-admin.php:453): $dvipng_path = trim( @exec( 'which dvipng' ) );
  • exec (wp-latex-admin.php:455): $dvips_path = trim( @exec( 'which dvips' ) );
  • exec (wp-latex-admin.php:457): $convert_path = trim( @exec( 'which convert' ) );

Output Escaping

70% escaped, 43 total outputs
Attack Surface

WP LaTeX Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[latex] wp-latex.php:38
[latex] wp-latex.php:174
WordPress Hooks 11
  • action admin_menu (wp-latex-admin.php:12)
  • action admin_notices (wp-latex-admin.php:20)
  • action admin_notices (wp-latex-admin.php:22)
  • action admin_head (wp-latex-admin.php:56)
  • action wp_head (wp-latex.php:33)
  • filter the_content (wp-latex.php:35)
  • filter the_content (wp-latex.php:36)
  • filter no_texturize_shortcodes (wp-latex.php:39)
  • filter comment_text (wp-latex.php:42)
  • filter comment_text (wp-latex.php:43)
  • action init (wp-latex.php:192)
Maintenance & Trust

WP LaTeX Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Nov 18, 2025
PHP min version
Downloads: 46K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 800
Developer Profile

WP LaTeX Developer Profile

Michael Adams (mdawaffe)

7 plugins · 12K total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP LaTeX

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-latex/wp-latex.css

HTML / DOM Fingerprints

CSS Classes
latex
Shortcode Output
<img src='' alt='' title='' class='latex' />
FAQ

Frequently Asked Questions about WP LaTeX