Classic Editor and Classic Widgets Security & Risk Analysis

wordpress.org/plugins/classic-editor-and-classic-widgets

Disables Gutenberg editor totally everywhere and enables Classic Editor and Classic Widgets.

20K active installs · v1.5.0 · PHP 5.6+ · WP 4.9+ · Updated Feb 12, 2026
Tags: block-editor, classic-editor, classic-widgets, disable-gutenberg
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Sep 25, 2024
Safety Verdict

Is Classic Editor and Classic Widgets Safe to Use in 2026?

Generally Safe

Score 99/100

Classic Editor and Classic Widgets has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 25, 2024 · Updated 1mo ago
Risk Assessment

The "classic-editor-and-classic-widgets" plugin exhibits a mixed security posture. The static analysis reveals a very small attack surface, with only one identified entry point, an AJAX handler. While most code signals are positive, including excellent output escaping and the use of prepared statements for all SQL queries, the absence of capability checks on the AJAX handler is a significant concern. This unprotected entry point could be exploited if it performs sensitive operations.

The plugin's vulnerability history is concerning, with two previously disclosed medium-severity vulnerabilities, one SQL Injection and the other CSRF. While both are currently patched, the recurrence of such issues suggests potential weaknesses in the plugin's security development lifecycle. That they were medium severity and are now patched is a positive sign, but the historical pattern warrants caution.

Overall, the plugin has strengths in code hygiene and a limited attack surface. However, the unprotected AJAX handler represents a critical immediate risk. The historical vulnerability pattern, despite current patching, indicates a need for continued vigilance and thorough security testing. The recommended mitigation for the most pressing risk is to add a capability check to the unprotected AJAX handler immediately.

Key Concerns

  • Unprotected AJAX handler
  • Historical medium severity vulnerabilities (2)
Vulnerabilities: 2

Classic Editor and Classic Widgets Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2024-47312 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Classic Editor and Classic Widgets <= 1.4.1 - Authenticated (Subscriber+) SQL Injection

Sep 25, 2024 Patched in 1.4.2 (8d)

CVE-2023-27434 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Classic Editor and Classic Widgets <= 1.2.5 - Cross-Site Request Forgery via render_settings_page

Mar 3, 2023 Patched in 1.2.6 (326d)
Code Analysis
Analyzed Mar 16, 2026

Classic Editor and Classic Widgets Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 1 (54 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

98% escaped · 55 total outputs
Attack Surface
1 unprotected

Classic Editor and Classic Widgets Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_cew_autocomplete_search · includes\fields\Autocomplete.php:9

WordPress Hooks: 19

action · plugins_loaded · includes\autoload.php:34
action · admin_menu · includes\Dashboard.php:9
action · admin_menu · includes\Dashboard.php:10
action · wp_enqueue_scripts · includes\Frontend.php:18
action · admin_init · includes\Gutenberg.php:11
filter · use_block_editor_for_post · includes\Gutenberg.php:14
filter · get_edit_post_link · includes\Gutenberg.php:15
filter · edit_form_top · includes\Gutenberg.php:16
filter · page_row_actions · includes\Gutenberg.php:19
filter · post_row_actions · includes\Gutenberg.php:20
action · add_meta_boxes · includes\Gutenberg.php:23
action · enqueue_block_editor_assets · includes\Gutenberg.php:24
action · widgets_admin_page · includes\Gutenberg.php:27
action · widgets_admin_page · includes\Gutenberg.php:28
action · admin_init · includes\Gutenberg.php:29
filter · use_block_editor_for_post_type · includes\Gutenberg.php:64
filter · gutenberg_use_widgets_block_editor · includes\Gutenberg.php:73
filter · use_widgets_block_editor · includes\Gutenberg.php:74
filter · acf/settings/remove_wp_meta_box · includes\Gutenberg.php:189
Maintenance & Trust

Classic Editor and Classic Widgets Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 12, 2026
PHP min version: 5.6
Downloads: 282K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 20K
Developer Profile

Classic Editor and Classic Widgets Developer Profile

WP Grim

3 plugins · 40K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 221 days
Detection Fingerprints

How We Detect Classic Editor and Classic Widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/classic-editor-and-classic-widgets/assets/js/jquery-ui.min.js
Version Parameters
classic-editor-and-classic-widgets/assets/js/jquery-ui.min.js?ver=

HTML / DOM Fingerprints

Data Attributes
name="classic-editor" value=""