[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJvNaLdYZBgt9h5hvwNgMj5rMupDKoPcZJlkM46qKs-g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":131,"fingerprints":331},"bp-forum-editor","BuddyPress Forum Editor","1.0","Taehan Lee","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaehan\u002F","\u003Cp>BuddyPress does not provide a visual editor (WYSIWYG, Rich text editor) and you are restricted to using very simple text. Without the ability to add pictures, colours and Rich Text to your Forum Topics\u002FPosts, the community can get a little boring.\u003C\u002Fp>\n\u003Cp>To solve this problem I’ve created a plugin named BuddyPress Forum Editor. Installing the plugin will add a visual editor to BuddyPress Group Forums! Now you can easily add pictures, colours and Rich Text to your Forum Topics\u002FPosts. Yeah!\u003Cbr \u002F>\nFor those of you wondering if BuddyPress Forum Editor will work with both BuddyPress and bbPress based Group Forums, yes it will! Whether you have continued to use the legacy BuddyPress Group Forums or have migrated to use bbPress, BuddyPress Forum Editor is a must-have plugin that provides your members with an easy to use visual editor for BuddyPress Group Forums.\u003C\u002Fp>\n\u003Cp>If you have any questions, leave a comment \u003Ca href=\"http:\u002F\u002Furlless.com\u002F?p=2785\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customizable buttons: You can customize the buttons that are available in the visual editor via the WP Admin Panel. 
See the screenshots below for a list of options.\u003C\u002Fli>\n\u003Cli>Overcome limited HTML tags: Most WordPress Users don’t have the “unfiltered_html” capability, so when writing a Post, some HTML tags are stripped. Also, BuddyPress only allows a few tags, so attributes like “class” and “style” are removed. BuddyPress Forum Editor makes up for these shortcomings.\u003C\u002Fli>\n\u003Cli>Overcome Incomplete Styles: As I mentioned, BuddyPress allows only a few tags. Some themes might not consider styles for tags that are not allowed such as “ol, ul, li”. This may result in an unexpected\u002Fugly appearance. BuddyPress Forum Editor makes up for these shortcomings in Post’s and editor’s document style.\u003C\u002Fli>\n\u003Cli>Image Uploader: WordPress’ built-in Visual editor is TinyMCE (I think it is the best Visual editor). This editor provides an easy way for inserting images with a source URL. Unfortunately, it doesn’t provide an uploader. Indeed, most users would like to use a Visual Editor to easily insert images, and in many cases, images may not exist online. So, BuddyPress Forum Editor provides an image uploader button. 
Like all buttons in the visual editor, it can be added\u002Fremoved via the Admin Panel (button name: “bpfed_image”).\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin provides your members with an easy to use Rich text editor for BuddyPress Group Forums.",400,21574,100,13,"2015-05-14T06:02:00.000Z","4.2.39","3.9","",[20,21,22,23,24],"bp","buddypress","richtext","tinymce","wysiwyg","http:\u002F\u002Furlless.com\u002F?p=2785","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-forum-editor.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"taehan",2,500,30,84,"2026-04-05T15:04:54.381Z",[40,56,77,98,113],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":28,"num_ratings":28,"last_updated":50,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":51,"homepage":54,"download_link":55,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bp-tinymce","BP-TinyMCE","0.4.1","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>This plugin enables rich text editing for BuddyPress users. 
It uses the TinyMCE editor that is distributed with WordPress.\u003C\u002Fp>\n","Replaces textareas throughout BuddyPress with the TinyMCE rich text box.",10,14724,"2011-09-13T19:50:00.000Z",[21,52,53,23,24],"editor","rich-text","http:\u002F\u002Fteleogistic.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-tinymce.0.4.1.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"black-studio-tinymce-widget","Black Studio TinyMCE Widget","2.7.3","Black Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fblack-studio\u002F","\u003Cp>This plugin adds a new \u003Ccode>Visual Editor\u003C\u002Fcode> widget type that allows you to insert rich text and media objects in your sidebars with no hassle. With Black Studio TinyMCE Widget you will be able to edit your widgets in a WYSIWYG manner using the native WordPress TinyMCE editor, just like you do in posts and pages. And if you are a developer you may still switch back and forth from Visual to HTML mode.\u003C\u002Fp>\n\u003Cp>For years the default WordPress text widget has been very basic and it required HTML knowledge to add formatting and images\u002Fmedia to the text. This plugin was born in 2011 to overcome these limitations. After a long time, in June 2017, version 4.8 of WordPress finally introduced a new text widget that included the ability to manage text widgets with the visual editor. 
The new widget available in WordPress core could now be used as a basic replacement of Black Studio TinyMCE Widget, but the plugin still offers some additional features, so it remains a must-have for advanced users.\u003C\u002Fp>\n\u003Ch4>Basic Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add rich text widgets to your sidebars and edit them using the TinyMCE visual editor\u003C\u002Fli>\n\u003Cli>Switch between Visual mode and HTML mode (including Quicktags toolbar)\u003C\u002Fli>\n\u003Cli>Insert images, videos, and other media from WordPress Media Library\u003C\u002Fli>\n\u003Cli>Insert links to existing WordPress pages\u002Fposts or external resources\u003C\u002Fli>\n\u003Cli>Support for shortcodes, smilies and embed in widget text (including preview)\u003C\u002Fli>\n\u003Cli>Support for the Block-based Widgets Editor introduced with WordPress 5.8\u003C\u002Fli>\n\u003Cli>Support for Customizer with live preview and quick edit\u003C\u002Fli>\n\u003Cli>Support for widgets accessibility mode\u003C\u002Fli>\n\u003Cli>Compatible with multi-site (WordPress networks)\u003C\u002Fli>\n\u003Cli>Compatible with the most common multi-language plugins\u003C\u002Fli>\n\u003Cli>Compatible with Page Builder plugin by SiteOrigin\u003C\u002Fli>\n\u003Cli>Translations available in 20+ languages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Features\u003C\u002Fh4>\n\u003Cp>These features are what makes this plugin better than the WordPress (4.8+) native widget:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Full featured TinyMCE Visual Editor (the same you have for pages and posts)\u003C\u002Fli>\n\u003Cli>Wide text area for an enhanced editing experience\u003C\u002Fli>\n\u003Cli>Compatible with 3rd party TinyMCE customization plugins (TinyMCE Advanced, WP Edit, …)\u003C\u002Fli>\n\u003Cli>Support for distraction-free (fullscreen) editing mode \u003C\u002Fli>\n\u003Cli>Option to “Automatically add paragraphs” to widget text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About the 
plugin\u003C\u002Fh4>\n\u003Cp>The story of the plugin was featured in a talk at WordCamp Europe 2018 in Belgrade.\u003Cbr \u002F>\nSee the video \u003Ca href=\"https:\u002F\u002Fwordpress.tv\u002F2018\u002F07\u002F11\u002Ffrancesco-canovi-marco-chiesi-once-upon-a-time-there-was-a-plugin\u002F\" rel=\"nofollow ugc\">Once upon a time, there was a plugin…\u003C\u002Fa> on WordPress.tv.\u003C\u002Fp>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.blackstudio.it\u002Fen\u002F\" rel=\"nofollow ugc\">Author’s web site\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.blackstudio.it\u002Fen\u002Fwordpress-plugins\u002Fblack-studio-tinymce-widget\u002F\" rel=\"nofollow ugc\">Plugin’s page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblack-studio-tinymce-widget\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fblack-studio-tinymce-widget\" rel=\"ugc\">Support forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Follow us on \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fblackstudioita\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fblackstudiocomunicazione\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fblack-studio\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fblack-studio\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get involved\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Developers can contribute to the source code on our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fblack-studio\u002Fblack-studio-tinymce-widget\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Translators can contribute through the \u003Ca 
href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fblack-studio-tinymce-widget\" rel=\"nofollow ugc\">Official WordPress Translation platform\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Users can contribute by leaving a 5 stars \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fblack-studio-tinymce-widget#postform\" rel=\"ugc\">review\u003C\u002Fa> or making a \u003Ca href=\"https:\u002F\u002Fwww.blackstudio.it\u002Fen\u002Fwordpress-plugins\u002Fblack-studio-tinymce-widget\u002F\" rel=\"nofollow ugc\">donation\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","The visual editor widget for WordPress.",200000,11110927,96,192,"2026-03-08T20:09:00.000Z","6.9.4","3.1","5.2",[52,23,73,74,24],"visual","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblack-studio-tinymce-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblack-studio-tinymce-widget.2.7.3.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":13,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":95,"download_link":96,"security_score":97,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"visual-term-description-editor","Visual Term Description Editor","1.8.1","Shea Bunge","https:\u002F\u002Fprofiles.wordpress.org\u002Fbungeshea\u002F","\u003Cp>-Replaces the term description editor with the WordPress TinyMCE visual editor, allowing you to use HTML in term descriptions and write them in rich text. Works on all taxonomies, including tags, categories and link categories, as well as custom taxonomies.\u003C\u002Fp>\n\u003Cp>This plugin is multisite-compatible; if you would like to use it on every blog, network activate the plugin from the network dashboard. 
Otherwise, activate the plugin for individual sites.\u003C\u002Fp>\n\u003Cp>This plugin’s code is \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsheabunge\u002Fvisual-term-description-editor\" rel=\"nofollow ugc\">available on GitHub\u003C\u002Fa>. Please feel free to fork the repository and send a pull request. If you find a bug in the plugin, open an issue.\u003C\u002Fp>\n","Replaces the plain-text category and tag description editor with a visual editor.",20000,96883,21,"2024-08-17T01:44:00.000Z","6.6.5","3.3","5.4",[93,53,94,23,24],"categories","tags","https:\u002F\u002Fgithub.com\u002Fsheabunge\u002Fvisual-term-description-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvisual-term-description-editor.1.8.1.zip",92,{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":66,"num_ratings":108,"last_updated":109,"tested_up_to":89,"requires_at_least":17,"requires_php":18,"tags":110,"homepage":111,"download_link":112,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"advanced-tinymce-configuration","Advanced TinyMCE Configuration","1.6","Andrew Ozz","https:\u002F\u002Fprofiles.wordpress.org\u002Fazaozz\u002F","\u003Cp>This plugin is intended for more advanced users that would like to change the default TinyMCE configuration in WordPress.\u003Cbr \u002F>\nIt makes it very easy to add, remove or change all TinyMCE settings for the classic editor and for the classic block in the block editor.\u003C\u002Fp>\n","Set advanced TinyMCE options for the classic block and classic 
editor.",10000,210369,12,"2023-04-10T23:51:00.000Z",[52,23,24],"http:\u002F\u002Fwww.laptoptips.ca\u002Fprojects\u002Fadvanced-tinymce-configuration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-tinymce-configuration.1.6.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":13,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":18,"tags":127,"homepage":129,"download_link":130,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"clean-html","Cleanup HTML","1.1","closemarketing","https:\u002F\u002Fprofiles.wordpress.org\u002Fclosemarketing\u002F","\u003Cp>Adds a button to your classic editor visual toolbar that when clicked strips all \u003Ccode>div\u003C\u002Fcode>, ‘table’, \u003Ccode>span\u003C\u002Fcode> tags from your post HTML code — those are usually junk tags. 
The stripping includes any tag attributes.\u003C\u002Fp>\n","Adds a button to your classic editor visual toolbar that when clicked strips all div, 'table', span tags from your post HTML code -- those a &hellip;",4000,8228,4,"2020-11-30T08:11:00.000Z","5.6.17","3.0",[114,128,23,24],"html","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclean-html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclean-html.1.1.zip",{"attackSurface":132,"codeSignals":236,"taintFlows":282,"riskAssessment":319,"analyzedAt":330},{"hooks":133,"ajaxHandlers":218,"restRoutes":233,"shortcodes":234,"cronEvents":235,"entryPointCount":123,"unprotectedCount":34},[134,140,145,150,154,157,161,165,169,173,177,180,183,186,188,190,194,198,202,206,210,214],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","bp_init","init","bp-forum-editor.php",49,{"type":141,"name":142,"callback":143,"file":138,"line":144},"filter","bbp_use_wp_editor","__return_false",54,{"type":141,"name":146,"callback":147,"priority":148,"file":138,"line":149},"bbp_get_the_content","get_the_bbp_editor",99,55,{"type":135,"name":151,"callback":152,"file":138,"line":153},"groups_forum_new_topic_after","get_the_bp_topic_new_editor",59,{"type":135,"name":155,"callback":152,"file":138,"line":156},"bp_after_group_forum_post_new",61,{"type":135,"name":158,"callback":159,"file":138,"line":160},"groups_forum_new_reply_after","get_the_bp_reply_new_editor",63,{"type":135,"name":162,"callback":163,"file":138,"line":164},"bp_group_after_edit_forum_topic","get_the_bp_topic_edit_editor",65,{"type":135,"name":166,"callback":167,"file":138,"line":168},"bp_group_after_edit_forum_post","get_the_bp_reply_edit_editor",67,{"type":141,"name":170,"callback":171,"file":138,"line":172},"bp_forums_allowed_tags","allowed_tags",70,{"type":135,"name":174,"callback":175,"priority":148,"file":138,"line":176},"bp_enqueue_scripts","enqueue_scripts",73,{"type":135,"name":178,"callback":178,"file":138,"line":179},"admin_init",82,{"type"
:135,"name":181,"callback":182,"file":138,"line":37},"network_admin_menu","admin_menu",{"type":141,"name":184,"callback":185,"priority":48,"file":138,"line":27},"network_admin_plugin_action_links","plugin_action_links",{"type":135,"name":182,"callback":182,"file":138,"line":187},90,{"type":141,"name":185,"callback":185,"priority":48,"file":138,"line":189},91,{"type":141,"name":191,"callback":192,"file":138,"line":193},"mce_buttons","mec_buttons",168,{"type":141,"name":195,"callback":196,"file":138,"line":197},"mce_buttons_2","__return_empty_array",169,{"type":141,"name":199,"callback":200,"file":138,"line":201},"quicktags_settings","mce_quicktags_settings",170,{"type":141,"name":203,"callback":204,"file":138,"line":205},"tiny_mce_before_init","mce_before_init",171,{"type":141,"name":207,"callback":208,"file":138,"line":209},"mce_external_plugins","mce_external_plugin",172,{"type":141,"name":211,"callback":212,"file":138,"line":213},"mce_css","mce_editor_style",173,{"type":141,"name":215,"callback":216,"file":138,"line":217},"upload_dir","change_image_subdir",323,[219,224,227,231],{"action":220,"nopriv":221,"callback":222,"hasNonce":221,"hasCapCheck":221,"file":138,"line":223},"bpfed_image_js",false,"image_insert_js",76,{"action":220,"nopriv":225,"callback":222,"hasNonce":221,"hasCapCheck":221,"file":138,"line":226},true,77,{"action":228,"nopriv":221,"callback":229,"hasNonce":225,"hasCapCheck":221,"file":138,"line":230},"bpfed_image_page","image_insert_page",78,{"action":228,"nopriv":225,"callback":229,"hasNonce":225,"hasCapCheck":221,"file":138,"line":232},79,[],[],[],{"dangerousFunctions":237,"sqlUsage":238,"outputEscaping":240,"fileOperations":34,"externalRequests":28,"nonceChecks":241,"capabilityChecks":28,"bundledLibraries":281},[],{"prepared":28,"raw":28,"locations":239},[],{"escaped":241,"rawEcho":242,"locations":243},1,19,[244,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,276,278,280],{"file":138,"line":245,"context":246},118,"raw 
output",{"file":138,"line":248,"context":246},122,{"file":138,"line":250,"context":246},126,{"file":138,"line":252,"context":246},130,{"file":138,"line":254,"context":246},157,{"file":138,"line":256,"context":246},158,{"file":138,"line":258,"context":246},299,{"file":138,"line":260,"context":246},340,{"file":138,"line":262,"context":246},345,{"file":138,"line":264,"context":246},354,{"file":138,"line":266,"context":246},370,{"file":138,"line":268,"context":246},371,{"file":138,"line":270,"context":246},374,{"file":138,"line":272,"context":246},452,{"file":138,"line":274,"context":246},460,{"file":138,"line":274,"context":246},{"file":138,"line":277,"context":246},464,{"file":138,"line":279,"context":246},471,{"file":138,"line":279,"context":246},[],[283,308],{"entryPoint":284,"graph":285,"unsanitizedCount":28,"severity":307},"image_insert_page (bp-forum-editor.php:308)",{"nodes":286,"edges":304},[287,292,298,300],{"id":288,"type":289,"label":290,"file":138,"line":291},"n0","source","$_FILES",319,{"id":293,"type":294,"label":295,"file":138,"line":296,"wp_function":297},"n1","sink","file_get_contents() [SSRF\u002FLFI]",324,"file_get_contents",{"id":299,"type":289,"label":290,"file":138,"line":291},"n2",{"id":301,"type":294,"label":302,"file":138,"line":270,"wp_function":303},"n3","echo() [XSS]","echo",[305,306],{"from":288,"to":293,"sanitized":225},{"from":299,"to":301,"sanitized":225},"low",{"entryPoint":309,"graph":310,"unsanitizedCount":28,"severity":307},"\u003Cbp-forum-editor> (bp-forum-editor.php:0)",{"nodes":311,"edges":316},[312,313,314,315],{"id":288,"type":289,"label":290,"file":138,"line":291},{"id":293,"type":294,"label":295,"file":138,"line":296,"wp_function":297},{"id":299,"type":289,"label":290,"file":138,"line":291},{"id":301,"type":294,"label":302,"file":138,"line":270,"wp_function":303},[317,318],{"from":288,"to":293,"sanitized":225},{"from":299,"to":301,"sanitized":225},{"summary":320,"deductions":321},"The \"bp-forum-editor\" v1.0 plugin exhibits 
a mixed security posture. On the positive side, it shows strong adherence to secure coding practices regarding SQL queries, exclusively using prepared statements, and has no recorded vulnerabilities or CVEs, suggesting a history of relatively secure development. The absence of dangerous functions, external HTTP requests, and flows with unsanitized paths are also commendable.\n\nHowever, significant security concerns are present, primarily stemming from its attack surface. The plugin exposes four AJAX handlers, two of which lack any authentication checks. This creates direct entry points for unauthenticated users to potentially interact with the plugin's functionality, which could lead to unintended consequences if these handlers are not robustly secured. Furthermore, the low percentage of properly escaped output (5%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data might be rendered directly in the browser without proper sanitization.\n\nWhile the lack of historical vulnerabilities is a positive indicator, it does not negate the immediate risks identified in the current code. The combination of unprotected AJAX endpoints and prevalent unescaped output presents a considerable risk of unauthorized actions and client-side attacks. 
A balanced view shows a plugin with good SQL handling and a clean vulnerability history, but with critical flaws in its attack surface and output sanitization that require urgent attention.",[322,324,327],{"reason":323,"points":48},"Unprotected AJAX handlers",{"reason":325,"points":326},"Low percentage of proper output escaping",8,{"reason":328,"points":329},"Missing capability checks",5,"2026-03-16T19:45:38.706Z",{"wat":332,"direct":342},{"assetPaths":333,"generatorPatterns":336,"scriptPaths":337,"versionParams":339},[334,335],"\u002Fwp-content\u002Fplugins\u002Fbp-forum-editor\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fbp-forum-editor\u002Feditor-content.css",[],[338],"\u002Fwp-content\u002Fplugins\u002Fbp-forum-editor\u002Fbp-forum-editor.js",[340,341],"bp-forum-editor\u002Fstyle.css?ver=","bp-forum-editor\u002Feditor-content.css?ver=",{"cssClasses":343,"htmlComments":346,"htmlAttributes":347,"restEndpoints":349,"jsGlobals":351,"shortcodeOutput":353},[344,345],"bpfed-editor","bpfed-editor-form",[],[348],"data-bpfed-id",[350],"\u002Fwp-json\u002Fbp-forum-editor\u002Fv1\u002Fsettings",[352],"BP_Forum_Editor_AJAX_URL",[]]