Foliopress WYSIWYG Security & Risk Analysis

wordpress.org/plugins/foliopress-wysiwyg

Foliopress WYSIWYG is the editor you were always hoping for, every time you installed a new content management system.

200 active installs · v2.6.18 · PHP + WP 3.1+ · Updated Jan 21, 2025

Tags: editor, foliopress, image, images, wysiwyg

Security score: 90 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Apr 9, 2025
Safety Verdict

Is Foliopress WYSIWYG Safe to Use in 2026?

Generally Safe

Score 90/100

Foliopress WYSIWYG has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Apr 9, 2025 · Updated 1yr ago
Risk Assessment

The foliopress-wysiwyg plugin v2.6.18 presents a mixed security posture. While it demonstrates some good practices like using prepared statements for all SQL queries and a moderate number of nonce and capability checks, significant concerns arise from its attack surface and vulnerability history. One AJAX handler is not protected by authentication checks, creating an immediate potential entry point for unauthorized actions. Furthermore, the taint analysis indicates a concerning number of flows with unsanitized paths, suggesting potential vulnerabilities even if no critical or high severity issues were immediately flagged in this scan. The plugin's history of three known medium-severity vulnerabilities, including Cross-Site Request Forgery and Cross-site Scripting, and notably, one unpatched vulnerability, strongly indicates a recurring pattern of insecure coding practices that have historically exposed users to risk. The prevalence of Cross-site Scripting vulnerabilities in the past is particularly worrying given the static analysis showing only 39% of outputs are properly escaped.

Key Concerns

  • Unprotected AJAX handler
  • High number of unsanitized paths in taint flows
  • Unpatched CVE
  • Vulnerability history shows common XSS and CSRF
  • Low percentage of properly escaped outputs
  • Use of dangerous function (shell_exec)
Vulnerabilities
3 published

Foliopress WYSIWYG Security Vulnerabilities

CVEs by Year

2014: 2 CVEs
2025: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-32610 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Foliopress WYSIWYG <= 2.6.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 9, 2025 · Patched in 2.6.19 (398d)

WF-2b045cef-c17c-4e6e-ab84-c0466a5a90ff-foliopress-wysiwyg · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Foliopress WYSIWYG < 2.6.16 - Cross-Site Scripting

May 25, 2014 · Patched in 2.6.16 (3530d)

CVE-2014-1232 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Foliopress WYSIWYG < 2.6.8.5 - Cross-Site Scripting

Jan 3, 2014 · Patched in 2.6.8.5 (3672d)
Version History

Foliopress WYSIWYG Release Timeline

Code Analysis
Analyzed Mar 16, 2026

Foliopress WYSIWYG Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 101 (65 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 8
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

shell_exec · `if( $aspellret = shell_exec( $cmd )) {` · fckeditor\editor\dialog\fck_spellerpages\spellerpages\server-scripts\spellchecker.php:110

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

39% escaped (166 total outputs)
Data Flows · Security
7 unsanitized

Data Flow Analysis

8 flows · 7 with unsanitized paths

LoadFCKEditor (foliopress-wysiwyg-class.php:750)
Attack Surface
1 unprotected

Foliopress WYSIWYG Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers: 2

auth · wp_ajax_fv_foliopress_ajax_pointers · foliopress-wysiwyg.php:73
auth · wp_ajax_fv_foliopress_ajax_pointers · include\fp-api.php:43

WordPress Hooks: 32
action · in_plugin_update_message-foliopress-wysiwyg/foliopress-wysiwyg.php · foliopress-wysiwyg-class.php:205
filter · the_content · foliopress-wysiwyg-class.php:1408
filter · the_content · foliopress-wysiwyg-class.php:1412
action · init · foliopress-wysiwyg.php:17
action · admin_head · foliopress-wysiwyg.php:21
action · admin_init · foliopress-wysiwyg.php:24
action · init · foliopress-wysiwyg.php:26
action · admin_head · foliopress-wysiwyg.php:27
action · admin_menu · foliopress-wysiwyg.php:28
action · admin_notices · foliopress-wysiwyg.php:29
action · edit_form_advanced · foliopress-wysiwyg.php:31
action · edit_page_form · foliopress-wysiwyg.php:32
action · simple_edit_form · foliopress-wysiwyg.php:33
filter · the_editor · foliopress-wysiwyg.php:35
action · admin_print_footer_scripts · foliopress-wysiwyg.php:39
action · admin_head · foliopress-wysiwyg.php:43
action · option_posts_per_page · foliopress-wysiwyg.php:46
filter · user_can_richedit · foliopress-wysiwyg.php:50
filter · wp_editor_settings · foliopress-wysiwyg.php:56
filter · media_buttons_context · foliopress-wysiwyg.php:59
action · admin_print_scripts · foliopress-wysiwyg.php:61
action · content_edit_pre · foliopress-wysiwyg.php:62
filter · content_save_pre · foliopress-wysiwyg.php:64
action · admin_menu · foliopress-wysiwyg.php:67
action · admin_menu · foliopress-wysiwyg.php:68
filter · wp_insert_post · foliopress-wysiwyg.php:70
filter · the_content · foliopress-wysiwyg.php:71
action · image_send_to_editor · foliopress-wysiwyg.php:75
action · image_send_to_editor · foliopress-wysiwyg.php:76
filter · media_view_settings · foliopress-wysiwyg.php:77
action · admin_enqueue_scripts · include\fp-api.php:42
action · admin_print_footer_scripts · include\fp-api.php:279
Maintenance & Trust

Foliopress WYSIWYG Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jan 21, 2025
PHP min version: (not listed)
Downloads: 118K

Community Trust

Rating: 80/100
Number of ratings: 8
Active installs: 200
Developer Profile

Foliopress WYSIWYG Developer Profile

FolioVision

19 plugins · 48K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 1098 days
Detection Fingerprints

How We Detect Foliopress WYSIWYG

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/foliopress-wysiwyg/foliopress-wysiwyg.php
/wp-content/plugins/foliopress-wysiwyg/fckeditor/editor/dialog/internal-link.php
/wp-content/plugins/foliopress-wysiwyg/fckeditor/editor/skins/office2003/dialog.css
/wp-content/plugins/foliopress-wysiwyg/fckeditor/fckconfig.js
/wp-content/plugins/foliopress-wysiwyg/fckeditor/fckeditor.js
/wp-content/plugins/foliopress-wysiwyg/fckeditor/fckstyles.xml
/wp-content/plugins/foliopress-wysiwyg/fckeditor/editor/plugins/wordpress/fck_wordpress.js
/wp-content/plugins/foliopress-wysiwyg/fckeditor/editor/plugins/table/fck_table.js
+10 more

Script Paths
/wp-content/plugins/foliopress-wysiwyg/fckeditor/fckeditor.js
/wp-content/plugins/foliopress-wysiwyg/fckeditor/editor/plugins/wordpress/fck_wordpress.js
/wp-content/plugins/foliopress-wysiwyg/js/tinymce_override.js
/wp-content/plugins/foliopress-wysiwyg/js/fv_tinymce.js

Version Parameters
foliopress-wysiwyg/style.css?ver=
foliopress-wysiwyg/foliopress-wysiwyg.php?ver=
foliopress-wysiwyg/js/fv_tinymce.js?ver=

HTML / DOM Fingerprints

CSS Classes
fp-wysiwyg-editor
HTML Comments
<!-- BEGIN: FOLIOpress WYSIWYG -->
<!-- END: FOLIOpress WYSIWYG -->

Data Attributes
data-fv-id, data-fv-lang, data-fv-toolbar, data-fv-dialog, data-fv-skin

JS Globals
FCKEDITOR, FOLIOpress_WYSIWYG
REST Endpoints
/wp-json/foliopress-wysiwyg/v1/settings
Shortcode Output
[foliopress_wysiwyg]
FAQ

Frequently Asked Questions about Foliopress WYSIWYG