[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZneGnhskt0AdqoVhK8hqLEbOi_7xB8NBQ4OQ5oIPlQw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":5,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":14,"download_link":19,"security_score":12,"vuln_count":20,"unpatched_count":20,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":32,"analysis":53,"fingerprints":89},"comment-form-tinymce","Comment Form with TinyMCE","1.0.0","Shail Mehta","https:\u002F\u002Fprofiles.wordpress.org\u002Fmehtashail\u002F","\u003Cp>Comment Form with TinyMCE Editor\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Comment Form with TinyMCE\u003C\u002Fstrong>\u003C\u002Fp>\n",10,1516,100,1,"","5.3.21","5.0","5.6",[4],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-form-tinymce.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"mehtashail",11,1080,88,30,86,"2026-04-05T17:22:45.382Z",[33],{"slug":34,"name":35,"version":36,"author":7,"author_profile":37,"description":38,"short_description":39,"active_installs":12,"downloaded":40,"rating":12,"num_ratings":41,"last_updated":42,"tested_up_to":43,"requires_at_least":16,"requires_php":44,"tags":45,"homepage":50,"download_link":51,"security_score":12,"vuln_count":20,"unpatched_count":20,"last_vuln_date":21,"fetched_at":52},"comments-tinymce","Comment Form Editor with TinyMCE","1.1.3","https:\u002F\u002Fprofiles.wordpress.org\u002Fshailu25\u002F","\u003Cp>Users can easily add TinyMCE Editor in Comment Form in just one click.\u003Cbr \u002F>\nUser can also disable heading tags,Media Button & Pre Tags in tinymce editor. 
(Visual Mode)\u003C\u002Fp>\n","Users can easily add TinyMCE Editor in Comment Form in just one click.",4232,5,"2025-06-07T15:45:00.000Z","6.8.5","7.0",[46,4,47,48,49],"comment-form","comments","tinymce","tinymce-editor","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomments-tinymce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-tinymce.1.1.3.zip","2026-03-15T15:16:48.613Z",{"attackSurface":54,"codeSignals":66,"taintFlows":76,"riskAssessment":77,"analyzedAt":88},{"hooks":55,"ajaxHandlers":62,"restRoutes":63,"shortcodes":64,"cronEvents":65,"entryPointCount":20,"unprotectedCount":20},[56],{"type":57,"name":58,"callback":59,"file":60,"line":61},"filter","comment_form_defaults","comment_form_with_tinymice","comment-form-with-tinymce.php",27,[],[],[],[],{"dangerousFunctions":67,"sqlUsage":68,"outputEscaping":70,"fileOperations":20,"externalRequests":20,"nonceChecks":20,"capabilityChecks":20,"bundledLibraries":72},[],{"prepared":20,"raw":20,"locations":69},[],{"escaped":20,"rawEcho":20,"locations":71},[],[73],{"name":74,"version":6,"knownCves":75},"TinyMCE",[],[],{"summary":78,"deductions":79},"The \"comment-form-tinymce\" v1.0.0 plugin demonstrates a strong security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits the plugin's attack surface; the only hook recorded is a filter on comment_form_defaults. The scan also recorded no SQL queries, no output statements that would need escaping, and no file operations or external HTTP requests, so these zero counts reflect the absence of such code rather than evidence of correct handling. Furthermore, the lack of taint analysis findings suggests no obvious vulnerabilities related to unsanitized data flows. The vulnerability history is also clean, with no recorded CVEs, indicating a lack of known security issues.\n\nHowever, the analysis does highlight a potential concern with the bundled library, TinyMCE v1.0.0. 
If this version is outdated and has known vulnerabilities, it could represent a risk that is not directly visible in the plugin's own code. The reported library version is the same string as the plugin's own version, so it should be confirmed against the TinyMCE build the site actually loads before the library is treated as outdated. The absence of nonce and capability checks, while not necessarily a direct risk given that no entry points were counted, means that any entry points introduced in future versions might be unprotected. Overall, the plugin appears well-secured based on current data, but vigilance regarding the bundled library and potential future additions to its attack surface is warranted.",[80,83,86],{"reason":81,"points":82},"Bundled outdated library: TinyMCE v1.0.0",4,{"reason":84,"points":85},"No nonce checks",3,{"reason":87,"points":85},"No capability checks","2026-03-16T23:26:50.941Z",{"wat":90,"direct":95},{"assetPaths":91,"generatorPatterns":92,"scriptPaths":93,"versionParams":94},[],[],[],[],{"cssClasses":96,"htmlComments":98,"htmlAttributes":99,"restEndpoints":100,"jsGlobals":101,"shortcodeOutput":102},[97],"wp-editor-container",[],[],[],[],[]]