[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fy6-fIZoUXQFEf3fxfBNWFrTZ2h15XIcPSO3DxzinibU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":133,"fingerprints":327},"addquicktag","AddQuicktag","2.6.1","Frank Bueltge","https:\u002F\u002Fprofiles.wordpress.org\u002Fbueltge\u002F","\u003Cp>This plugin makes it easy to add Quicktags to the html – and visual-editor. It is possible to export your Quicktags as a JSON – file that can be imported in other installations of the plugin.\u003C\u002Fp>\n\u003Cp>WP-AddQuicktag for WordPress is originally created by \u003Ca href=\"http:\u002F\u002Froel.meurders.nl\u002F\" title=\"Roel Meurders\" rel=\"nofollow ugc\">Roel Meurders\u003C\u002Fa>. The versions in the Repo of AddQuicktag are newer versions, this is a complete rewrite of version 2.0.0 with more functionality.\u003C\u002Fp>\n\u003Cp>The plugin can add configurable custom quicktags to the editor of every post type, including custom post types from other sources. You may choose a post type for which a quicktag shall show up in the editor.\u003Cbr \u002F>\nIf this should not work perfectly well for you, you may also use the hooks inside the plugin. See the examples and hint inside the tab “\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Faddquicktag\u002Fother_notes\u002F\" rel=\"ugc\">Other Notes\u003C\u002Fa>“.\u003C\u002Fp>\n\u003Ch4>Bugs, technical hints or contribute\u003C\u002Fh4>\n\u003Cp>Please give me feedback, contribute and file technical bugs on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbueltge\u002Faddquicktag\" rel=\"nofollow ugc\">GitHub Repo\u003C\u002Fa>. The Wiki on this page has also several hints for the plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Crafted by \u003Ca href=\"https:\u002F\u002Finpsyde.com\" rel=\"nofollow ugc\">Inpsyde\u003C\u002Fa> · Engineering the web since 2006.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Hook for custom post types\u003C\u002Fh4>\n\u003Cp>The plugin adds the quicktag by default to post types\u002FID \u003Ccode>post\u003C\u002Fcode>, \u003Ccode>page\u003C\u002Fcode> and \u003Ccode>comment\u003C\u002Fcode>. To use the plugin for other post types also you may use a filter; see the following example or an example plugin in the \u003Ca href=\"https:\u002F\u002Fgist.github.com\u002F1595155\" rel=\"nofollow ugc\">Gist 1595155\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F add custom function to filter hook 'addquicktag_post_types'\nadd_filter( 'addquicktag_post_types', 'my_addquicktag_post_types' );\n\u002F**\n * Return array $post_types with custom post types\n *\n * @param   $post_type Array\n * @return  $post_type Array\n *\u002F\nfunction my_addquicktag_post_types( $post_types ) {\n\n    $post_types[] = 'edit-comments';\n    return $post_types;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Hook for custom pages\u003C\u002Fh4>\n\u003Cp>It is possible also to filter the pages inside the backend. By default the scripts include the pages \u003Ccode>post.php\u003C\u002Fcode>, \u003Ccode>comment.php\u003C\u002Fcode>. The following example changes this for an another page.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'addquicktag_pages', 'my_addquicktag_pages' );\n\u002F**\n * Return array $page with custom page strings\n *\n * @param   $page Array\n * @return  $page Array\n *\u002F\nfunction my_addquicktag_pages( $page ) {\n\n    $page[] = 'edit-comments.php';\n    return $page;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See this Gist as an example for how to add the Quicktags to the editor of comments: \u003Ca href=\"https:\u002F\u002Fgist.github.com\u002F3076698\" rel=\"nofollow ugc\">Gist: 3076698\u003C\u002Fa>.\u003Cbr \u002F>\nIf you want the Quicktags of this plugin to work on the Quickedit of comments as well, remove the \u003Ccode>.example\u003C\u002Fcode>-part of \u003Ccode>addquicktag_quickedit_comment.php.example\u003C\u002Fcode> filename. The file is a stand alone helper plugin for Add Quicktag. You’ll need to activate this file (plugin) separately in ‘Manage Plugins’.\u003C\u002Fp>\n\u003Ch4>Hook for custom buttons\u003C\u002Fh4>\n\u003Cp>It is possible to add custom buttons to the editor, if the plugin is active.\u003C\u002Fp>\n\u003Cp>The following example adds buttons. The params inside the array are the same as in the settings of the plugin.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>if ( class_exists( 'Add_Quicktag' ) ) :\nadd_filter( 'addquicktag_buttons', 'my_addquicktag_buttons' );\n\nfunction my_addquicktag_buttons( $buttons ) {\n\n    $buttons[] = array(\n        'text'          => 'Permalink',\n        'title'         => '',\n        'start'         => '[permalink]',\n        'end'           => '[\u002Fpermalink]',\n        'access'        => '',\n        'order'         => 1,\n        'visual'        => 1,\n        'post'          => 0,\n        'page'          => 1,\n        'comment'       => 0,\n        'edit-comments' => 0\n    );\n    $buttons[] = array(\n        'text'          => 'Button',\n        'title'         => '',\n        'start'         => '\u003Cspan class=\"border blue\">',\n        'end'           => '\u003C\u002Fspan>',\n        'access'        => '',\n        'order'         => 2,\n        'visual'        => 1,\n        'post'          => 0,\n        'page'          => 1,\n        'comment'       => 0,\n        'edit-comments' => 0\n    );\n    return $buttons;\n}\nendif;\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>License\u003C\u002Fh4>\n\u003Cp>Good news, this plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial blog. But if you enjoy this plugin, you may consider to thank me and leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Faddquicktag\u002Freviews\u002F#new-post\" rel=\"ugc\">positive review\u003C\u002Fa> for the time I’ve spent writing and supporting this plugin. And I really don’t want to know how many hours of my life this plugin has already eaten 😉\u003C\u002Fp>\n","This plugin makes it easy to add Quicktags to the html - and visual-editor.",100000,1385273,94,44,"2021-05-20T13:37:00.000Z","5.7.15","4.0","",[20,21,22,23,24],"add-buttons","button","editor","quicktag","tinymce","http:\u002F\u002Fbueltge.de\u002Fwp-addquicktags-de-plugin\u002F120\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faddquicktag.2.6.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"bueltge",5,101270,89,30,86,"2026-04-04T03:43:37.358Z",[41,56,74,96,115],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":10,"active_installs":28,"downloaded":48,"rating":28,"num_ratings":28,"last_updated":18,"tested_up_to":16,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":52,"download_link":53,"security_score":54,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":55},"xhe-quicktags","XHE Quicktags","1.0.0","xhtmlexpert","https:\u002F\u002Fprofiles.wordpress.org\u002Fxhtmlexpert\u002F","\u003Cp>Allows you to add buttons to the WordPress admin text editor.\u003C\u002Fp>\n",862,"5.0","5.5",[20,21,22,23,24],"https:\u002F\u002Fxhtmlexpert.com\u002Fplugins\u002Fwp-addquicktags","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxhe-quicktags.zip",100,"2026-03-15T10:48:56.248Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":28,"num_ratings":28,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":18,"download_link":73,"security_score":54,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"tcd-classic-editor","TCD Classic Editor","1.3.3","DesignPlus","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesignplus\u002F","\u003Cp>This plugin is a tool for those who want to use the Classic Editor more conveniently.\u003C\u002Fp>\n\u003Ch4>Functions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Quick tags\u003C\u002Fli>\n\u003Cli>Google Maps\u003C\u002Fli>\n\u003Cli>Table of Contents\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Third Party Services\u003C\u002Fh4>\n\u003Cp>This plugin relies on the following third-party services:\u003C\u002Fp>\n\u003Ch4>Google Maps API\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service URL\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\" rel=\"nofollow ugc\">Google Maps API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Use\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\u002Fterms\" rel=\"nofollow ugc\">Google Maps API Terms of Use\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fmaps\u002Fterms-20180207\" rel=\"nofollow ugc\">Google Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Google Maps API is used to embed maps on your website. Your API key is sent to Google to authenticate the requests.\u003C\u002Fp>\n","This is a classic editor extension plug-in for TCD users. It is currently offered as a beta board.",3000,16517,"2026-01-28T07:33:00.000Z","6.8.5","6.7","8.0",[71,72,22,23,24],"block-editor","classic-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftcd-classic-editor.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":94,"download_link":95,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"post-editor-buttons-fork","Post Editor Buttons Fork","2.4","Kailey (trepmal)","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrepmal\u002F","\u003Cp>Add custom buttons to the TEXT mode editor toolbar.\u003C\u002Fp>\n\u003Cp>This is a fork of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpost-editor-buttons\u002F\" rel=\"ugc\">Oren Yomtov’s\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>Unsure of the reason behind the poor rating and “doesn’t work” vote. Possibly the user didn’t realized this only adds tags to the \u003Cstrong>HTML editor\u003C\u002Fstrong>? If you use this plugin and it works for you, I’d appreciate it if you’d give my a good star rating and an “it works” vote.\u003C\u002Fp>\n\u003Cp>Conversely, if you have trouble, please post to the forums, and\u002For ask me on \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Ftrepmal\" rel=\"nofollow ugc\">twitter (@trepmal)\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you need this to work on WordPress \u003C 3.3\u003C\u002Fstrong> download \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpost-editor-buttons-fork\u002Fdownload\u002F\" rel=\"ugc\">2.2.1\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Ftrepmal\" rel=\"nofollow ugc\">I’m on twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you add your own buttons to the post editor's TEXT mode toolbar.",800,14471,98,11,"2016-10-01T03:32:00.000Z","4.6.30","3.3",[20,90,91,92,93],"buttons","post-editor","toolbar","toolbar-buttons","http:\u002F\u002Ftrepmal.com\u002Fplugins\u002Fpost-editor-buttons-fork\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-editor-buttons-fork.2.4.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":54,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":113,"download_link":114,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"tinymce-table","TinyMCE Table","1.0","Gary PEGEOT","https:\u002F\u002Fprofiles.wordpress.org\u002Fgary-pegeot\u002F","\u003Cp>Fr:\u003Cbr \u002F>\nAjoute la création et l’édition des tables à TinyMCE.\u003C\u002Fp>\n\u003Cp>Un bouton permettant de créer ou de modifier les tables existantes apparait dans l’éditeur.\u003C\u002Fp>\n\u003Cp>En:\u003Cbr \u002F>\nAllow you to create and\u002For modify tables through TinyMCE editor.\u003C\u002Fp>\n\u003Cp>** TinyMCE plugin version: 4.1.1\u003C\u002Fp>\n","Ajoute la création et l'édition des tables à TinyMCE",700,6016,2,"2014-07-17T11:48:00.000Z","3.9.40","3.9",[21,22,111,112,24],"table","tables","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftinymce-table\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftinymce-table.zip",{"slug":116,"name":117,"version":44,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":54,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":18,"tags":128,"homepage":18,"download_link":132,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"manage-tinymce-editor","Manage TinyMCE Editor","Daniele De Santis","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanieledesantis\u002F","\u003Cp>WordPress Manage TinyMCE Editor allows you to \u003Cstrong>add buttons to WordPress TinyMCE editor\u003C\u002Fstrong>.\u003Cbr \u002F>\nUsing the plugin you will be able to add the following buttons to the default WordPress visual editor:\u003C\u002Fp>\n\u003Cp>Cut\u003Cbr \u002F>\nCopy\u003Cbr \u002F>\nPaste\u003Cbr \u002F>\nSource code\u003Cbr \u002F>\nFont family selector\u003Cbr \u002F>\nFont size selector\u003Cbr \u002F>\nStyle selector\u003Cbr \u002F>\nBackground color\u003Cbr \u002F>\nEmpty document\u003Cbr \u002F>\nSuperscript\u003Cbr \u002F>\nSubscript\u003C\u002Fp>\n\u003Cp>Select the desired buttons in the plugin’s settings page and they will be available in TinyMCE.\u003C\u002Fp>\n","Add buttons to TinyMCE, WordPress' default visual editor.",200,4479,1,"2017-07-13T11:19:00.000Z","4.8.28","4.8",[22,129,130,24,131],"editor-buttons","text-editor","visual-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanage-tinymce-editor.1.0.0.zip",{"attackSurface":134,"codeSignals":210,"taintFlows":292,"riskAssessment":320,"analyzedAt":326},{"hooks":135,"ajaxHandlers":206,"restRoutes":207,"shortcodes":208,"cronEvents":209,"entryPointCount":28,"unprotectedCount":28},[136,142,146,151,155,160,165,169,174,177,181,184,187,190,194,197,202],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","admin_init","localize_plugin","addquicktag.php",90,{"type":137,"name":143,"callback":144,"file":140,"line":145},"init","on_admin_init",92,{"type":147,"name":148,"callback":149,"priority":150,"file":140,"line":13},"filter","quicktags_settings","remove_quicktags",10,{"type":137,"name":152,"callback":153,"file":140,"line":154},"plugins_loaded","get_object",397,{"type":137,"name":156,"callback":157,"file":158,"line":159},"addquicktag_settings_form_page","get_code_quicktag_area","inc\\class-code-quicktags.php",58,{"type":137,"name":161,"callback":162,"file":163,"line":164},"addquicktag_settings_page","get_im_export_part","inc\\class-imexport.php",87,{"type":137,"name":156,"callback":166,"file":167,"line":168},"get_remove_quicktag_area","inc\\class-remove-quicktags.php",53,{"type":137,"name":170,"callback":171,"file":172,"line":173},"network_admin_menu","add_settings_page","inc\\class-settings.php",106,{"type":147,"name":175,"callback":175,"priority":150,"file":172,"line":176},"network_admin_plugin_action_links",108,{"type":137,"name":178,"callback":179,"file":172,"line":180},"network_admin_notices","get_network_admin_notices",120,{"type":137,"name":182,"callback":171,"file":172,"line":183},"admin_menu",123,{"type":147,"name":185,"callback":185,"priority":150,"file":172,"line":186},"plugin_action_links",125,{"type":137,"name":138,"callback":188,"file":172,"line":189},"register_settings",127,{"type":137,"name":191,"callback":192,"file":172,"line":193},"addquicktag_settings_page_sidebar","get_plugin_infos",136,{"type":137,"name":191,"callback":195,"file":172,"line":196},"get_about_plugin",137,{"type":147,"name":198,"callback":199,"file":200,"line":201},"mce_external_plugins","add_externel_buttons","inc\\class-tinymce.php",54,{"type":147,"name":203,"callback":204,"priority":150,"file":200,"line":205},"mce_buttons_2","extend_editor_buttons",55,[],[],[],[],{"dangerousFunctions":211,"sqlUsage":212,"outputEscaping":214,"fileOperations":124,"externalRequests":28,"nonceChecks":34,"capabilityChecks":106,"bundledLibraries":288},[],{"prepared":28,"raw":28,"locations":213},[],{"escaped":215,"rawEcho":216,"locations":217},6,37,[218,221,223,225,226,228,229,231,233,235,237,239,240,242,244,246,248,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,282,284,286],{"file":140,"line":219,"context":220},240,"raw output",{"file":140,"line":222,"context":220},241,{"file":140,"line":224,"context":220},242,{"file":158,"line":141,"context":220},{"file":158,"line":227,"context":220},96,{"file":158,"line":173,"context":220},{"file":158,"line":230,"context":220},107,{"file":158,"line":232,"context":220},124,{"file":158,"line":234,"context":220},126,{"file":163,"line":236,"context":220},165,{"file":167,"line":238,"context":220},81,{"file":167,"line":164,"context":220},{"file":167,"line":241,"context":220},121,{"file":167,"line":243,"context":220},122,{"file":167,"line":245,"context":220},139,{"file":167,"line":247,"context":220},141,{"file":172,"line":224,"context":220},{"file":172,"line":250,"context":220},262,{"file":172,"line":252,"context":220},305,{"file":172,"line":254,"context":220},318,{"file":172,"line":256,"context":220},393,{"file":172,"line":258,"context":220},452,{"file":172,"line":260,"context":220},455,{"file":172,"line":262,"context":220},458,{"file":172,"line":264,"context":220},463,{"file":172,"line":266,"context":220},468,{"file":172,"line":268,"context":220},472,{"file":172,"line":270,"context":220},487,{"file":172,"line":272,"context":220},492,{"file":172,"line":274,"context":220},498,{"file":172,"line":276,"context":220},503,{"file":172,"line":278,"context":220},505,{"file":172,"line":280,"context":220},506,{"file":172,"line":280,"context":220},{"file":172,"line":283,"context":220},660,{"file":172,"line":285,"context":220},665,{"file":172,"line":287,"context":220},725,[289],{"name":290,"version":29,"knownCves":291},"TinyMCE",[],[293,312],{"entryPoint":294,"graph":295,"unsanitizedCount":28,"severity":311},"import_file (inc\\class-imexport.php:180)",{"nodes":296,"edges":308},[297,302],{"id":298,"type":299,"label":300,"file":163,"line":301},"n0","source","$_FILES",202,{"id":303,"type":304,"label":305,"file":163,"line":306,"wp_function":307},"n1","sink","file_get_contents() [SSRF\u002FLFI]",209,"file_get_contents",[309],{"from":298,"to":303,"sanitized":310},true,"low",{"entryPoint":313,"graph":314,"unsanitizedCount":28,"severity":311},"\u003Cclass-imexport> (inc\\class-imexport.php:0)",{"nodes":315,"edges":318},[316,317],{"id":298,"type":299,"label":300,"file":163,"line":301},{"id":303,"type":304,"label":305,"file":163,"line":306,"wp_function":307},[319],{"from":298,"to":303,"sanitized":310},{"summary":321,"deductions":322},"Based on the static analysis, 'addquicktag' v2.6.1 exhibits a generally strong security posture, particularly in its handling of database interactions and its limited attack surface. The absence of AJAX handlers, REST API routes, shortcodes, and cron events without authentication checks is commendable, indicating a low risk of direct exploitation through these common entry points. The code exclusively uses prepared statements for SQL queries, a critical security best practice that prevents SQL injection vulnerabilities. Furthermore, the taint analysis revealed no unsanitized paths, suggesting that user-supplied data is not being improperly processed in a way that could lead to code execution or other severe security issues. The presence of nonce and capability checks, while limited, shows an awareness of WordPress security mechanisms.\n\nHowever, a significant concern arises from the output escaping metrics. With only 14% of 43 outputs properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Attackers could potentially inject malicious scripts into the plugin's output, which would then be executed in the browsers of users interacting with the site. The single file operation, while not inherently risky without further context, warrants attention to ensure it is not being used in a vulnerable manner. The vulnerability history is clean, with no recorded CVEs, which is a positive indicator. This, combined with the low attack surface and secure SQL practices, suggests that the plugin developers are taking security seriously. Nevertheless, the poor output escaping is a critical weakness that needs to be addressed to mitigate XSS risks.",[323],{"reason":324,"points":325},"Insufficient output escaping",15,"2026-03-16T17:06:41.191Z",{"wat":328,"direct":337},{"assetPaths":329,"generatorPatterns":332,"scriptPaths":333,"versionParams":336},[330,331],"\u002Fwp-content\u002Fplugins\u002Faddquicktag\u002Finc\u002Fclass-settings.php","\u002Fwp-content\u002Fplugins\u002Faddquicktag\u002Finc\u002Fclass-tinymce.php",[],[334,335],"\u002Fwp-content\u002Fplugins\u002Faddquicktag\u002Fjs\u002Fadd-quicktags.dev.js","\u002Fwp-content\u002Fplugins\u002Faddquicktag\u002Fjs\u002Fadd-quicktags.js",[],{"cssClasses":338,"htmlComments":339,"htmlAttributes":340,"restEndpoints":341,"jsGlobals":342,"shortcodeOutput":346},[],[],[],[],[343,344,345],"addquicktag_tags","addquicktag_post_type","addquicktag_pt_for_js",[]]