Category Editor Security & Risk Analysis

wordpress.org/plugins/categorytinymce

Provides the ability to add a fully functional tinymce editor and html plus shortcodes to the category description and tag description to style up the …

9K active installs v3.8.3 PHP + WP 3.3+ Updated Dec 18, 2020
category-description, tag-description, wp_editor
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Category Editor Safe to Use in 2026?

Generally Safe

Score 85/100

Category Editor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "categorytinymce" plugin v3.8.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and implementing a capability check for its entry point. The absence of known CVEs and recorded vulnerability history further suggests a relatively stable past. However, a significant concern arises from the complete lack of output escaping. With 12 total outputs analyzed and 0% properly escaped, this presents a substantial risk of cross-site scripting (XSS) vulnerabilities. Furthermore, the presence of a bundled, outdated library (TinyMCE v3.8.3) is a potential risk, as older versions often contain known, exploitable vulnerabilities that may not be reflected in the plugin's specific CVE history if they exist within the bundled component itself. The limited attack surface (one shortcode) is a strength, but the lack of detailed taint analysis data makes it difficult to fully assess internal code risks.

Key Concerns

  • 100% of outputs are unescaped
  • Bundled outdated library (TinyMCE v3.8.3)
  • No taint analysis data provided
Vulnerabilities
None known

Category Editor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Category Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 12 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE 3.8.3

Output Escaping

0% escaped, 12 total outputs
Attack Surface

Category Editor Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[catimmg] categorytinymce.php:642
WordPress Hooks 16
action  admin_menu                 categorytinymce.php:38
action  admin_init                 categorytinymce.php:45
action  admin_print_styles         categorytinymce.php:110
filter  edit_category_form_fields  categorytinymce.php:128
action  edit_category_form_fields  categorytinymce.php:153
action  edited_category            categorytinymce.php:221
filter  edit_tag_form_fields       categorytinymce.php:246
action  edit_tag_form_fields       categorytinymce.php:272
action  edited_terms               categorytinymce.php:332
action  wp_head                    categorytinymce.php:415
filter  wp_title                   categorytinymce.php:475
filter  term_description           categorytinymce.php:482
filter  deleted_term_taxonomy      categorytinymce.php:485
action  admin_head                 categorytinymce.php:524
action  admin_head                 categorytinymce.php:525
action  wp_head                    categorytinymce.php:683
Maintenance & Trust

Category Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.6.17
Last updated: Dec 18, 2020
PHP min version
Downloads: 134K

Community Trust

Rating: 90/100
Number of ratings: 22
Active installs: 9K
Developer Profile

Category Editor Developer Profile

kevin heath

4 plugins · 9K total installs

Trust score: 80
Avg Security Score: 80/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Category Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
quicktags-toolbar
Data Attributes
name="description"
id="description1"
name="Cat_meta[img]"
id="Cat_meta[img]"
name="Cat_meta[ogimg]"
id="Cat_meta[ogimg]"
(+6 more)
FAQ

Frequently Asked Questions about Category Editor