Chief Editor Security & Risk Analysis

wordpress.org/plugins/chief-editor

Helps wordpress multisite "chief editor" to manage all drafts, comments, authors and "ready for publication" sends across the netw …

10 active installs · v5.4.3 · PHP + WP 3.5+ · Updated Jan 29, 2020
Tags: author, chief, draft, editor, multisite
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Chief Editor Safe to Use in 2026?

Generally Safe

Score 85/100

Chief Editor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "chief-editor" plugin version 5.4.3 exhibits a concerning security posture due to a significant number of unprotected AJAX handlers and the presence of dangerous functions like `exec` and `shell_exec` within its code. While the plugin demonstrates good practices in SQL query handling by exclusively using prepared statements and a reasonable number of nonce and capability checks, the low share of properly escaped output (43%) is a notable weakness that could lead to cross-site scripting (XSS) vulnerabilities. The taint analysis reveals several flows with unsanitized paths, although they are not currently classified as critical or high severity. This suggests a potential for input manipulation issues that could be exploited if combined with other vulnerabilities.

The plugin's vulnerability history is a strong positive point, with zero recorded CVEs. This indicates a generally well-maintained codebase or at least a lack of publicly disclosed security flaws to date. However, this should not overshadow the immediate risks identified in the static analysis. The combination of unprotected entry points and dangerous functions presents a clear attack vector that warrants immediate attention. The plugin has strengths in data handling and a clean CVE history but significant weaknesses in input validation and output escaping, and an exposed attack surface.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous functions (exec, shell_exec)
  • Unescaped output percentage is high
  • Flows with unsanitized paths
  • Bundled outdated library (DataTables v1.10.16)
Vulnerabilities
None known

Chief Editor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Chief Editor Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Chief Editor Code Analysis

  • Dangerous Functions: 8
  • Raw SQL Queries: 0 (17 prepared)
  • Unescaped Output: 155 (118 escaped)
  • Nonce Checks: 8
  • Capability Checks: 19
  • File Operations: 11
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

  • exec · `$cmdOut = exec($cmd, $outputArray);` · admin/admin_settings.php:65
  • exec · `$cmdOut = exec($cmd, $outputArray);` · admin/admin_settings.php:74
  • exec · `$pythonVersion = exec($pyCmd, $outputArray);` · admin/admin_settings.php:95
  • exec · `$pythonVersion = exec($cmd, $outputArray);` · admin/admin_settings.php:126
  • shell_exec · `$retValue = shell_exec ( $pyCmd );` · admin/chiefed_image_processing.php:61
  • shell_exec · `$retValue = shell_exec ( $pyCmd );` · admin/chiefed_image_processing.php:66
  • shell_exec · `$retValue = shell_exec ( $cmd );` · admin/chiefed_image_processing.php:71
  • shell_exec · `$retValue = shell_exec ( $pyCmd );` · admin/chiefed_image_processing.php:85

Bundled Libraries

DataTables 1.10.16

SQL Query Safety

100% prepared · 17 total queries

Output Escaping

43% escaped · 273 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

6 flows · 5 with unsanitized paths
ce_process_ajax_bat_confirm (admin/chief-editor-admin.php:309)
Attack Surface
6 unprotected

Chief Editor Attack Surface

Entry Points: 9
Unprotected: 6

AJAX Handlers 6

  • auth · wp_ajax_ce_send_author_std_validation_email · admin/chief-editor-admin.php:181
  • auth · wp_ajax_ce_send_author_std_validation_email_confirmed · admin/chief-editor-admin.php:185
  • auth · wp_ajax_chiefed_get_table_data · admin/chief-editor-admin.php:190
  • nopriv · wp_ajax_chiefed_get_table_data · admin/chief-editor-admin.php:194
  • auth · wp_ajax_chiefed_extract_images_to_gallery · admin/pre_desktop_publishing.php:94
  • nopriv · wp_ajax_chiefed_extract_images_to_gallery · admin/pre_desktop_publishing.php:98

Shortcodes 3

[chiefeditor_post_list] admin/chief-editor-admin.php:212
[chiefed_editor_dashboard] chiefed_front_datatable.php:18
[chiefed_shot_single_page] chiefed_front_datatable.php:24
WordPress Hooks 25
  • action · admin_init · admin/chief-editor-admin.php:158
  • action · admin_init · admin/chief-editor-admin.php:163
  • action · admin_init · admin/chief-editor-admin.php:167
  • action · admin_init · admin/chief-editor-admin.php:171
  • action · admin_menu · admin/chief-editor-admin.php:176
  • action · network_admin_menu · admin/chief-editor-admin.php:199
  • action · network_admin_menu · admin/chief-editor-admin.php:203
  • action · admin_menu · admin/chief-editor-admin.php:207
  • action · init · admin/chiefed_custom_status.php:76
  • action · admin_footer · admin/chiefed_custom_status.php:77
  • action · add_meta_boxes · admin/meta_boxes.php:115
  • action · save_post · admin/meta_boxes.php:119
  • action · save_post · admin/meta_boxes.php:123
  • action · post_edit_form_tag · admin/meta_boxes.php:127
  • action · init · admin/pre_desktop_publishing.php:32
  • action · admin_footer-post.php · admin/pre_desktop_publishing.php:36
  • filter · wpfc_ajax_post · admin/pre_desktop_publishing.php:42
  • filter · wp_insert_post_data · admin/pre_desktop_publishing.php:48
  • action · init · admin/pre_desktop_publishing.php:79
  • action · init · admin/pre_desktop_publishing.php:83
  • action · init · admin/pre_desktop_publishing.php:87
  • action · admin_enqueue_scripts · chief-editor.php:51
  • action · init · chief-editor.php:52
  • action · wp_enqueue_scripts · chief-editor.php:53
  • action · wp_enqueue_scripts · chiefed_front_datatable.php:30
Maintenance & Trust

Chief Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jan 29, 2020
PHP min version
Downloads: 4K

Community Trust

Rating: 80/100
Number of ratings: 2
Active installs: 10
Developer Profile

Chief Editor Developer Profile

termel

16 plugins · 810 total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Chief Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/chief-editor/libs/jqueryui/1.12.1/jquery-ui.min.css
  • /wp-content/plugins/chief-editor/libs/jqueryui/1.12.1/jquery-ui.min.js
  • /wp-content/plugins/chief-editor/libs/node_modules/sweetalert2/dist/sweetalert2.min.css
  • /wp-content/plugins/chief-editor/libs/node_modules/sweetalert2/dist/sweetalert2.min.js
  • /wp-content/plugins/chief-editor/js/chief-editor.js
  • /wp-content/plugins/chief-editor/css/chief-editor.css
  • /wp-content/plugins/chief-editor/css/chief-editor-admin.css
  • /wp-content/plugins/chief-editor/js/sorttable.js
  • +5 more
Script Paths
  • /wp-content/plugins/chief-editor/js/chief-editor.js
  • /wp-content/plugins/chief-editor/libs/node_modules/sweetalert2/dist/sweetalert2.min.js
  • /wp-content/plugins/chief-editor/js/sorttable.js
  • /wp-content/plugins/chief-editor/js/ChartNew.js
  • /wp-content/plugins/chief-editor/js/chief-editor-graph.js
  • /wp-content/plugins/chief-editor/libs/moment/moment-with-locales.js
  • +1 more
Version Parameters
  • chief-editor/css/chief-editor.css?ver=
  • chief-editor/css/chief-editor-admin.css?ver=
  • chief-editor/js/sorttable.js?ver=
  • chief-editor/js/ChartNew.js?ver=
  • chief-editor/js/chief-editor-graph.js?ver=
  • chief-editor/libs/moment/moment-with-locales.js?ver=
  • chief-editor/js/chiefed_print_editor.js?ver=
  • chief-editor/css/chiefed-shot.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • chief-editor-main-wrapper
  • chief-editor-table-wrapper
  • chief-editor-post-title
  • chief-editor-post-author
  • chief-editor-post-date
  • chief-editor-post-status
  • chief-editor-post-category
  • chief-editor-post-tags
  • +3 more
HTML Comments
  • <!-- Default to the same capabilities as Contributor -->
  • <!-- post author does not need to see others posts, only chief editor of blog -->
Data Attributes
  • data-ce-action
  • data-ce-post-id
  • data-ce-user-id
  • data-ce-confirm-message
JS Globals
  • chiefEditorConfig
  • swal
FAQ

Frequently Asked Questions about Chief Editor