[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftGyzZL8u9dH_IkGewxXTPXkKCoiuOOuOr592_E7uNgU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":134,"fingerprints":184},"always-edit-in-html","Always Edit In HTML","2.4.6","DeveloperWil","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeveloperwil\u002F","\u003Cp>If you find yourself entering HTML code into the WordPress page\u002Fpost editor only to have it reformatted or worse removed when in Visual mode then here is the solution for you.\u003C\u002Fp>\n\u003Cp>Always Edit In HTML is a WordPress plugin that removes the “Visual” tab in the page\u002Fpost editor and opens up your page or post in HTML mode, preserving your HTML code.\u003C\u002Fp>\n\u003Cp>\u003Cem>Why would you need this plugin?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>The WordPress page\u002Fpost editor has two tabs at the top right – “Visual” and “Text”.\u003C\u002Fp>\n\u003Col>\n\u003Cli>The Text tab allows you to enter HTML code onto the page or post and when saving or publishing the post it preserves your code just the way you entered it.\u003C\u002Fli>\n\u003Cli>The Visual tab has all the fancy writing style tools but when you save or publish your page or post, WordPress parses and formats the content which may results in your HTML code not working or even being removed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>WordPress does not remember the tab option for each page or post.  It will open up a page or post using whichever Visual or Text tab you last used.\u003C\u002Fp>\n\u003Cp>This means that if you were editing a post using the Visual tab, saved it and then edited the page or post you had entered the HTML code into, that page would open in Visual mode and you could loose your HTML code.\u003C\u002Fp>\n\u003Cp>If only there was a plugin that gave you the option to always open up a page or post in HTML\u003C\u002Fp>\n\u003Cp>Ta da!  Here’s one.\u003C\u002Fp>\n\u003Cp>Note: For WordPress 5.x users, this plugin will still work when the Classic Editor plugin is installed and enabled.  It does not work with the Gutenberg block editor.\u003C\u002Fp>\n\u003Ch4>Plugin Page\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.limecanvas.com\u002Fwordpress-plugins\u002Falways-edit-in-html-wordpress-plugin\u002F\" title=\"Always Edit In HTML WordPress Plugin\" rel=\"nofollow ugc\">Always Edit In HTML\u003C\u002Fa>\u003C\u002Fp>\n","Always opens up a specific page or post in HTML mode to preserve HTML code (classic editor only).",1000,87352,88,7,"2024-07-04T01:28:00.000Z","6.6.5","5.2","7.4",[4,20,21,22,23],"edit-post-in-html","html-edit","html-mode","html-tab","https:\u002Fzeropointdevelopment.com\u002Fwordpress-plugins\u002Falways-edit-in-html-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falways-edit-in-html.2.4.6.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":13,"computed_at":36},"developerwil",5,3400,30,"2026-04-04T10:36:09.305Z",[38,61,80,98,117],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":52,"download_link":59,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"cf7-ace-syntax-highlighting","Contact Form 7 Syntax Highlighting","0.2.4","Joris van Montfort","https:\u002F\u002Fprofiles.wordpress.org\u002Fjorisvanmontfort\u002F","\u003Cp>Are you using HTML code in your Contact Form 7 forms and email bodies? Ace syntax highlighting enhanches the Contact Form 7 backend and makes it easy to code HTML for complex forms.\u003C\u002Fp>\n","Adds syntax higlighting to the Contact Form 7 admin screens. Requires the Contact Form 7 plugin.",7134,100,6,"2020-05-19T11:47:00.000Z","5.4.19","4.0.1","",[54,55,56,57,58],"contact-form-7","contact-form-7-form-editor","contact-form-7-html-editor","form-textarea","html-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-ace-syntax-highlighting.zip",85,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":11,"downloaded":69,"rating":47,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":78,"download_link":79,"security_score":47,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"cf7-coder","HTML Editor for Contact Form 7","1.0.1","Wow-Company","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpcalc\u002F","\u003Cp>Contact Form 7 plugin allows editing forms with a standard textarea. This addon adds an HTML editor with code highlighter to each contact form and provides many useful options to enhance your forms.\u003C\u002Fp>\n\u003Ch4>Editor Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>HTML Editor\u003C\u002Fstrong> with syntax highlighting powered by CodeMirror\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dark Theme\u003C\u002Fstrong> (Material) support for comfortable editing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-close\u003C\u002Fstrong> brackets and tags\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code folding\u003C\u002Fstrong> and line numbers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Search and replace\u003C\u002Fstrong> functionality (Ctrl+F)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Form Behavior Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Test Mode\u003C\u002Fstrong> – Hide form from non-administrators for testing purposes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove Auto Tags\u003C\u002Fstrong> – Remove auto-added p and br tags from form output\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirect After Submit\u003C\u002Fstrong> – Redirect users to a custom URL after successful submission\n\u003Cul>\n\u003Cli>Support for ACF fields to get dynamic redirect URL from current page\u003C\u002Fli>\n\u003Cli>Option to open redirect URL in new tab\u003C\u002Fli>\n\u003Cli>Option to force file download\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Form After Submit\u003C\u002Fstrong> – Hide the form and show only success message\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable Submit Button\u003C\u002Fstrong> – Prevent double submissions by disabling button during form submission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pre-fill Fields from URL\u003C\u002Fstrong> – Auto-fill form fields from URL parameters (e.g., ?your-email=test@example.com)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GA\u002FGTM Event\u003C\u002Fstrong> – Send custom event to Google Analytics\u002FGTM dataLayer on successful submission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scroll to Message\u003C\u002Fstrong> – Automatically scroll to success\u002Ferror message after form submission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-hide Success Message\u003C\u002Fstrong> – Automatically hide success message after specified seconds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove Refill\u003C\u002Fstrong> – Clear form fields after validation error\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Performance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Conditional Script Loading\u003C\u002Fstrong> – Load CF7 scripts and styles only on pages with contact form shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To improve the plugin’s functions and add new functions, write to us on the support \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcf7-coder\u002F\" rel=\"ugc\">forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Search for answers and ask your questions at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcf7-coder\u002F\" rel=\"ugc\">forum\u003C\u002Fa> or send requests on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwow-company\u002Fcf7-coder\u002Fissues\" rel=\"nofollow ugc\">github\u003C\u002Fa>.\u003C\u002Fp>\n","Add HTML editor to Contact Form 7 with code highlighter and extended form options.",10931,2,"2026-01-26T07:25:00.000Z","6.9.4","5.0",[75,76,54,58,77],"cf7","code-editor","redirect","https:\u002F\u002Fwordpress.org\u002Fcf7-coder","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-coder.1.0.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":47,"num_ratings":33,"last_updated":90,"tested_up_to":72,"requires_at_least":91,"requires_php":52,"tags":92,"homepage":52,"download_link":97,"security_score":47,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"protect-schemaorg-markup-in-html-editor","Protect schema.org markup in HTML editor","0.6","Ecwid by Lightspeed Ecommerce Shopping Cart","https:\u002F\u002Fprofiles.wordpress.org\u002Fecwid\u002F","\u003Cp>WordPress HTML editor (tinyMCE) treats schema.org attributes like itemscope\u002Fitemtype\u002Fitemprop as invalid HTML attributes and strips them when you save the post or page content. This plugin alters this behavior and prevent the WordPress HTML editor from removing the schema.org\u002Fmicrodata markup.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>@azaozz suggested the solution. See the issue discussion here: https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F27931\u003C\u002Fp>\n","Easy tool to stop HTML editor from removing schema.org\u002Fmicrodata tags from post or page content.",800,18329,"2025-12-01T06:20:00.000Z","4.0",[58,93,94,95,96],"microdata","rich-snippets","schema-org","tinymce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-schemaorg-markup-in-html-editor.0.6.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":48,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":52,"tags":112,"homepage":115,"download_link":116,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"html-mode-locker","HTML Mode Locker","0.5","Max Chirkov","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaxchirkov\u002F","\u003Cp>We all experienced frustration of using WYSIWYG editor especially when switching between Visual and HTML modes. If you have a need to use Visual editor in your day-to-day operations, but you also need the ability to have some posts or pages in pure HTML format – HTML Mode Locker allows you to do that on per-post basis.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Author: Max Chirkov\u003C\u002Fli>\n\u003Cli>Author URI: \u003Ca href=\"http:\u002F\u002Fsimplerealtytheme.com\" title=\"Simple Realty Themes\" rel=\"nofollow ugc\">http:\u002F\u002Fsimplerealtytheme.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Copyright: Released under GNU GENERAL PUBLIC LICENSE\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds and option to lock post editor in HTML Mode on selected post types on per-item basis.",200,7545,84,"2014-01-13T03:23:00.000Z","3.7.41","3.0",[113,114,22],"editor","html","http:\u002F\u002Fsimplerealtytheme.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-mode-locker.0.5.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":106,"downloaded":125,"rating":47,"num_ratings":48,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":52,"tags":129,"homepage":132,"download_link":133,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"syntax-highlight","Syntax Highlight","1.0.2","lukasz.webmaster","https:\u002F\u002Fprofiles.wordpress.org\u002Flukaszwebmaster\u002F","\u003Cp>Syntax Highlighting in WordPress Plugins and Themes Editor.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Syntax highlighting in the Plugins and Themes Editor\u003C\u002Fli>\n\u003Cli>AJAX save through CTRL+S\u003C\u002Fli>\n\u003Cli>Ask whether to leave when there are unsaved changes\u003C\u002Fli>\n\u003Cli>Change font size using Ctrl+=, Ctrl+-\u003C\u002Fli>\n\u003Cli>Configurable through Settings page\u003C\u002Fli>\n\u003Cli>Fullscreen mode (CTRL+Enter)\u003C\u002Fli>\n\u003Cli>Shortcuts (keybindings: Vim, Emacs and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fajaxorg\u002Face\u002Fwiki\u002FDefault-Keyboard-Shortcuts\" title=\"Default shortcuts\" rel=\"nofollow ugc\">Default\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Themes\u003C\u002Fli>\n\u003Cli>Internationalized\u003C\u002Fli>\n\u003Cli>Search and replace with regular expressions (CTRL+F, CTRL+H)\u003C\u002Fli>\n\u003Cli>… and all other features that wonderful \u003Ca href=\"http:\u002F\u002Face.c9.io\u002F\" rel=\"nofollow ugc\">ACE Editor\u003C\u002Fa> provides\u003C\u002Fli>\n\u003C\u002Ful>\n","Syntax Highlighting in WordPress Plugins and Themes Editor.",9470,"2014-07-02T20:27:00.000Z","3.9.40","3.9.1",[113,58,130,118,131],"plugins-editor","themes-editor","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsyntax-highlight\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsyntax-highlight.1.0.2.zip",{"attackSurface":135,"codeSignals":160,"taintFlows":176,"riskAssessment":177,"analyzedAt":183},{"hooks":136,"ajaxHandlers":156,"restRoutes":157,"shortcodes":158,"cronEvents":159,"entryPointCount":27,"unprotectedCount":27},[137,143,147,151],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_init","always_edit_in_html_create_options_box","always-edit-in-html.php",24,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_head","always_edit_in_html_handler",25,{"type":138,"name":148,"callback":149,"file":141,"line":150},"save_post","always_edit_in_html_save_postdata",26,{"type":152,"name":153,"callback":154,"file":141,"line":155},"filter","wp_default_editor","closure",55,[],[],[],[],{"dangerousFunctions":161,"sqlUsage":162,"outputEscaping":164,"fileOperations":27,"externalRequests":27,"nonceChecks":174,"capabilityChecks":70,"bundledLibraries":175},[],{"prepared":27,"raw":27,"locations":163},[],{"escaped":27,"rawEcho":165,"locations":166},3,[167,170,172],{"file":141,"line":168,"context":169},42,"raw output",{"file":141,"line":171,"context":169},103,{"file":141,"line":173,"context":169},104,1,[],[],{"summary":178,"deductions":179},"The plugin 'always-edit-in-html' v2.4.6 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs and a complete lack of critical or high-severity vulnerabilities in its history suggest a well-maintained and secure plugin. Furthermore, the static analysis reveals a remarkably small attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events without appropriate authentication or permission checks. The code also shows positive signs such as the complete absence of dangerous functions and all SQL queries utilizing prepared statements, indicating a good understanding of secure coding practices regarding database interactions.\n\nHowever, the analysis does highlight a significant concern: a 100% rate of unescaped output across the three identified output points. This means that any data processed by the plugin and then displayed to users or in the admin interface is not being properly sanitized. This could lead to Cross-Site Scripting (XSS) vulnerabilities if the plugin handles or displays user-supplied data without sanitization. While the plugin has one nonce check and two capability checks, the lack of output escaping is a critical weakness that could be exploited. Despite the clean vulnerability history, this oversight presents a direct and exploitable risk that should be addressed.",[180],{"reason":181,"points":182},"All output not properly escaped",8,"2026-03-16T18:58:55.410Z",{"wat":185,"direct":191},{"assetPaths":186,"generatorPatterns":188,"scriptPaths":189,"versionParams":190},[187],"\u002Fwp-content\u002Fplugins\u002Falways-edit-in-html\u002Fimages\u002Fzeropointdevelopment-mark.png",[],[],[],{"cssClasses":192,"htmlComments":194,"htmlAttributes":195,"restEndpoints":199,"jsGlobals":200,"shortcodeOutput":201},[193],"switch-tmce",[],[196,197,198],"name=\"always_edit_in_html\"","id=\"always_edit_in_html\"","name=\"always_edit_in_html_noncename\"",[],[],[]]