Does edithtmldom have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is edithtmldom compatible with WordPress 4.0.38?

According to WordPress.org data, edithtmldom 1.0 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is edithtmldom updated?

edithtmldom was last updated on Sep 5, 2014. Frequent updates are generally a positive security signal.

What is edithtmldom's security score?

edithtmldom has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

edithtmldom Security & Risk Analysis

wordpress.org/plugins/edithtmldom

Get DOM url or file and remove or replace contents in few minutes.

10 active installs v1.0 PHP + WP 3.0+ Updated Sep 5, 2014

control-structure-htmledit-new-classget-dom-urlmodify-contentreplace-tag-html

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is edithtmldom Safe to Use in 2026?

Generally Safe

Score 85/100

edithtmldom has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The 'edithtmldom' v1.0 plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with only one shortcode identified, and no known historical vulnerabilities (CVEs) have been recorded, suggesting a generally cautious development approach. The plugin also utilizes prepared statements for its single SQL query, which is a good security practice.

However, there are significant concerns that outweigh the strengths. The most critical finding is that 100% of its output is not properly escaped. This presents a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the WordPress environment. Furthermore, the absence of nonce checks and capability checks on its entry points means that any user, regardless of their role or privileges, could potentially trigger actions or expose sensitive information if the shortcode's functionality can be leveraged maliciously.

The lack of taint analysis results is not necessarily a positive sign; it could simply mean that the analysis tool did not find any flows or that the analysis was not performed comprehensively enough to detect potential issues in the limited code provided. Given the critical output escaping deficiency and lack of authorization checks, the plugin's current security is concerning despite its clean vulnerability history.

Key Concerns

All output is unescaped (XSS risk)
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

edithtmldom Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

edithtmldom Release Timeline

v1.0Current

Code Analysis

Analyzed Apr 16, 2026

edithtmldom Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

0% escaped5 total outputs

Attack Surface

edithtmldom Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[modifycontents] edithtmldom.php:45

WordPress Hooks 5

filterthe_contentedithtmldom.php:46

filterwidget_textedithtmldom.php:47

filterwp_list_pagesedithtmldom.php:48

actionadmin_initedithtmldom.php:68

actionadmin_menuedithtmldom.php:100

Maintenance & Trust

edithtmldom Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedSep 5, 2014

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

edithtmldom Alternatives

No alternatives data available yet.

Developer Profile

edithtmldom Developer Profile

ulmdesign

2 plugins · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect edithtmldom

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

wp-editor-container

Shortcode Output

[modifycontents]

FAQ