Plugin inspection:

WP Document Revisions

No issues found

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe.

Warnings

This recommendation applies to version 1.3.6 of this plugin, but the most recent version is 2.0.0. These findings may no longer be correct.

Findings

All SQL appears to be escaped correctly. Use of extract() is worrying. Some HTML output is escaped and some is not; however, all of it seems to require some kind of privileges.

The plugin also contains a copy of the wordpress-tests repository, which includes a lot of PHP meant to be executed on the command line, with no checks to prevent it being seen by anybody who can access the Web site. The tests require their own configuration, and we cannot see any obvious way that they could do any harm. Nonetheless, we recommend that this directory be removed or blocked in a production environment.