[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdsGPRs5trQLqPfFgkKkSewEiPGI0KSOQ_C_O3YTIJT4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":55,"analysis":153,"fingerprints":265},"front-end-editor","Front-end Editor","2.3.1","scribu","https:\u002F\u002Fprofiles.wordpress.org\u002Fscribu\u002F","\u003Cp>Front-end Editor is a plugin that lets you make changes to your content \u003Cem>directly\u003C\u002Fem> from your site. No need to load the admin backend just to correct a typo.\u003C\u002Fp>\n\u003Cp>It makes the same \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FRoles_and_Capabilities\" rel=\"nofollow ugc\">capability\u003C\u002Fa> checks, so that if a user isn’t allowed to edit something in wp-admin, they aren’t allowed to edit it in the front-end either.\u003C\u002Fp>\n\u003Cp>You can edit posts, pages, custom post types, comments, widgets and many \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fscribu\u002Fwp-front-end-editor\u002Fwiki\u002FList-of-editable-elements\" rel=\"nofollow ugc\">more elements\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Goals:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>save as many trips to the backend as possible\u003C\u002Fli>\n\u003Cli>compatible with any theme, out of the box\u003C\u002Fli>\n\u003Cli>light and fast\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Support and development:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffront-end-editor\" rel=\"ugc\">Support\u003C\u002Fa> is handled by the lovely \u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fdesignsimply\" rel=\"ugc\">designsimply\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>I am not developing the plugin anymore; only applying the patches that other people send via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fscribu\u002Fwp-front-end-editor\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Credits:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Faloha-editor.org\" rel=\"nofollow ugc\">Aloha Editor\u003C\u002Fa> for the fantastic WYSIWYG editing component\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fscribu\u002Fwp-front-end-editor\u002Fwiki\" rel=\"nofollow ugc\">\u003Cstrong>Documentation\u003C\u002Fstrong>\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fscribu.net\u002Fwordpress\u002Ffront-end-editor\" rel=\"nofollow ugc\">Plugin News\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fscribu.net\" rel=\"nofollow ugc\">Author’s Site\u003C\u002Fa>\u003C\u002Fp>\n","Edit content inline, without going to the admin area.",600,273075,80,23,"2013-07-23T01:02:00.000Z","3.6.1","3.2","",[20,21,22,23,24],"edit-in-place","editor","inline","visual","wysiwyg","http:\u002F\u002Fscribu.net\u002Fwordpress\u002Ffront-end-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffront-end-editor.2.3.1.zip",83,1,0,"2012-04-07 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2012-10019","front-end-editor-arbitrary-file-upload","Front-end Editor \u003C 2.3 - Arbitrary File Upload","The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php 
file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.",null,"\u003C2.3","2.3","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2025-07-19 09:23:52",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff271c2e7-9d58-4dea-95d3-3ffc4ec7c3b2?source=api-prod",4851,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":48,"trust_score":53,"computed_at":54},20,27990,86,69,"2026-04-05T09:54:12.412Z",[56,78,98,118,135],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":77,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"black-studio-tinymce-widget","Black Studio TinyMCE Widget","2.7.3","Black Studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fblack-studio\u002F","\u003Cp>This plugin adds a new \u003Ccode>Visual Editor\u003C\u002Fcode> widget type that allows you to insert rich text and media objects in your sidebars with no hassle. With Black Studio TinyMCE Widget you will be able to edit your widgets in a WYSIWYG manner using the native WordPress TinyMCE editor, just like you do in posts and pages. And if you are a developer you may still switch back and forth from Visual to HTML mode.\u003C\u002Fp>\n\u003Cp>For years the default WordPress text widget has been very basic and it required HTML knowledge to add formatting and images\u002Fmedia to the text. This plugin was born in 2011 to overcome these limitations. 
After a long time, in June 2017, version 4.8 of WordPress finally introduced a new text widget that included the ability to manage text widgets with the visual editor. The new widget available in WordPress core could now be used as a basic replacement of Black Studio TinyMCE Widget, but the plugin still offers some additional features, so it remains a must-have for advanced users.\u003C\u002Fp>\n\u003Ch4>Basic Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add rich text widgets to your sidebars and edit them using the TinyMCE visual editor\u003C\u002Fli>\n\u003Cli>Switch between Visual mode and HTML mode (including Quicktags toolbar)\u003C\u002Fli>\n\u003Cli>Insert images, videos, and other media from WordPress Media Library\u003C\u002Fli>\n\u003Cli>Insert links to existing WordPress pages\u002Fposts or external resources\u003C\u002Fli>\n\u003Cli>Support for shortcodes, smilies and embed in widget text (including preview)\u003C\u002Fli>\n\u003Cli>Support for the Block-based Widgets Editor introduced with WordPress 5.8\u003C\u002Fli>\n\u003Cli>Support for Customizer with live preview and quick edit\u003C\u002Fli>\n\u003Cli>Support for widgets accessibility mode\u003C\u002Fli>\n\u003Cli>Compatible with multi-site (WordPress networks)\u003C\u002Fli>\n\u003Cli>Compatible with the most common multi-language plugins\u003C\u002Fli>\n\u003Cli>Compatible with Page Builder plugin by SiteOrigin\u003C\u002Fli>\n\u003Cli>Translations available in 20+ languages\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Features\u003C\u002Fh4>\n\u003Cp>These features are what makes this plugin better than the WordPress (4.8+) native widget:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Full featured TinyMCE Visual Editor (the same you have for pages and posts)\u003C\u002Fli>\n\u003Cli>Wide text area for an enhanced editing experience\u003C\u002Fli>\n\u003Cli>Compatible with 3rd party TinyMCE customization plugins (TinyMCE Advanced, WP Edit, …)\u003C\u002Fli>\n\u003Cli>Support for distraction-free 
(fullscreen) editing mode \u003C\u002Fli>\n\u003Cli>Option to “Automatically add paragraphs” to widget text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About the plugin\u003C\u002Fh4>\n\u003Cp>The story of the plugin was featured in a talk at WordCamp Europe 2018 in Belgrade.\u003Cbr \u002F>\nSee the video \u003Ca href=\"https:\u002F\u002Fwordpress.tv\u002F2018\u002F07\u002F11\u002Ffrancesco-canovi-marco-chiesi-once-upon-a-time-there-was-a-plugin\u002F\" rel=\"nofollow ugc\">Once upon a time, there was a plugin…\u003C\u002Fa> on WordPress.tv.\u003C\u002Fp>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.blackstudio.it\u002Fen\u002F\" rel=\"nofollow ugc\">Author’s web site\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.blackstudio.it\u002Fen\u002Fwordpress-plugins\u002Fblack-studio-tinymce-widget\u002F\" rel=\"nofollow ugc\">Plugin’s page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblack-studio-tinymce-widget\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fblack-studio-tinymce-widget\" rel=\"ugc\">Support forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Follow us on \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fblackstudioita\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fblackstudiocomunicazione\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fblack-studio\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fblack-studio\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get involved\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Developers can contribute to the source code on our \u003Ca 
href=\"https:\u002F\u002Fgithub.com\u002Fblack-studio\u002Fblack-studio-tinymce-widget\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Translators can contribute through the \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fblack-studio-tinymce-widget\" rel=\"nofollow ugc\">Official WordPress Translation platform\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Users can contribute by leaving a 5 stars \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fblack-studio-tinymce-widget#postform\" rel=\"ugc\">review\u003C\u002Fa> or making a \u003Ca href=\"https:\u002F\u002Fwww.blackstudio.it\u002Fen\u002Fwordpress-plugins\u002Fblack-studio-tinymce-widget\u002F\" rel=\"nofollow ugc\">donation\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","The visual editor widget for WordPress.",200000,11110927,96,192,"2026-03-08T20:09:00.000Z","6.9.4","3.1","5.2",[21,73,23,74,24],"tinymce","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblack-studio-tinymce-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblack-studio-tinymce-widget.2.7.3.zip",100,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":66,"num_ratings":88,"last_updated":89,"tested_up_to":69,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":96,"download_link":97,"security_score":77,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wysiwyg-widgets","Widget Content Blocks","2.3.11","Danny van Kooten","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvankooten\u002F","\u003Ch4>WYSIWYG Widgets or rich text widgets\u003C\u002Fh4>\n\u003Cp>This plugin adds so called “Widget Blocks” to your website which you can easily display in your widget areas.\u003C\u002Fp>\n\u003Cp>You can create or edit the widget blocks just like you would edit any post or 
page, with all the default WordPress editing functions enabled. This way, you can use the visual editor that comes with WordPress to format your widgets. You can even use media uploading to insert images and so forth.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create beautiful widgets without having to write HTML code\u003C\u002Fli>\n\u003Cli>Easily insert media into your widget content\u003C\u002Fli>\n\u003Cli>Add headings, lists, blockquotes and other HTML elements to your widgets using the WordPress visual editor\u003C\u002Fli>\n\u003Cli>Use WP Links dialog to easily link to any of your pages or posts from a widget\u003C\u002Fli>\n\u003Cli>Use shortcodes inside your widgets\u003C\u002Fli>\n\u003Cli>Translation ready\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Translators\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Dutch (nl_NL) – \u003Ca href=\"https:\u002F\u002Fdannyvankooten.com\u002F\" rel=\"nofollow ugc\">Danny van Kooten\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) – \u003Ca href=\"http:\u002F\u002Fwebhostinghub.com\u002F\" rel=\"nofollow ugc\">Maria Ramos – WebHostingHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian (it_IT) – \u003Ca href=\"http:\u002F\u002Fwww.dangelos.it\u002F\" rel=\"nofollow ugc\">Tiziano D’Angelo – Studio D’Angelo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German (de_DE) – \u003Ca href=\"http:\u002F\u002Fatelier.tag-eins.de\u002F\" rel=\"nofollow ugc\">Christian Günther\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">gettext PO and MO files\u003C\u002Fa> to me so that I can bundle it into WYSIWYG Widgets. 
You can \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwysiwyg-widgets\u002Ftrunk\u002Flanguages\u002Fwysiwyg-widgets.po\" rel=\"nofollow ugc\">download the latest PO file here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>More information\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdannyvankooten.com\u002Fwordpress-plugins\u002Fwysiwyg-widgets\u002F\" rel=\"nofollow ugc\">WYSIWYG Widgets\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Other \u003Ca href=\"https:\u002F\u002Fdannyvankooten.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">WordPress plugins\u003C\u002Fa> by the same author\u003C\u002Fli>\n\u003C\u002Ful>\n","Edit widget content using the default WordPress visual editor and media uploading functionality. Create widgets like you would create posts or pages.",10000,335364,60,"2026-02-27T12:48:00.000Z","4.1","7.4",[93,94,74,95,24],"rich-text","visual-editor","widgets","https:\u002F\u002Fdannyvankooten.com\u002Fwordpress-plugins\u002Fwysiwyg-widgets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwysiwyg-widgets.2.3.11.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":77,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":18,"tags":112,"homepage":115,"download_link":116,"security_score":117,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"disable-visual-editor-wysiwyg","Disable Visual Editor WYSIWYG","1.7.2","stanxp","https:\u002F\u002Fprofiles.wordpress.org\u002Fstanxp\u002F","\u003Cp>This plugin will disable the visual editor for selected page(s)\u002Fpost(s)\u002Fcustom post types. 
The idea behind this came after I had to keep the html intact by the tinymce editor whenever I switched back to the Visual tab in the editor.\u003C\u002Fp>\n","This plugin will disable the visual editor for selected page\u002Fpost..",2000,44636,22,"2018-02-21T18:54:00.000Z","4.9.29","3.0.0",[113,114,21,23,24],"admin","disable","http:\u002F\u002Fstanxp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-visual-editor-wysiwyg.zip",85,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":77,"num_ratings":128,"last_updated":129,"tested_up_to":110,"requires_at_least":130,"requires_php":18,"tags":131,"homepage":18,"download_link":134,"security_score":117,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"tinywym-editor","tinyWYM Editor","1.4.1","arickards","https:\u002F\u002Fprofiles.wordpress.org\u002Farickards\u002F","\u003Cp>tinyWYM Editor was created to help inexperienced WordPress users create cleaner, more semantic markup, and to avoid some of the pitfalls of WordPress’s standard WYSIWYG editor. It does this by labelling and highlighting all HTML elements in the editor, creating a visual representation of the HTML being generated.\u003C\u002Fp>\n\u003Cp>tinyWYM Editor also gives more experienced users all the control and flexibility of the text editor without having to leave the visual editor. 
Create and edit any HTML element, add attributes, and wrap or unwrap elements all from the visual editor.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftinywym-editor\u002Fscreenshots\u002F\" title=\"Screenshots\" rel=\"ugc\">Screenshots\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftinywym-editor\u002Ffaq\u002F\" title=\"Frequently Asked Questions\" rel=\"ugc\">FAQ\u003C\u002Fa> sections for details on how to use tinyWYM Editor.\u003C\u002Fp>\n","Convert WordPress's WYSIWYG editor into a WYSIWYM editor. Add and edit any HTML tag and attribute from the visual editor.",1000,67512,6,"2018-03-12T04:01:00.000Z","4.2.0",[73,94,132,24,133],"wp-editor","wysiwym","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftinywym-editor.zip",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":77,"downloaded":143,"rating":144,"num_ratings":145,"last_updated":146,"tested_up_to":147,"requires_at_least":148,"requires_php":18,"tags":149,"homepage":151,"download_link":152,"security_score":117,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wysiwyg-inline-code-command","WYSIWYG Inline Code Command","2.0","pkgw","https:\u002F\u002Fprofiles.wordpress.org\u002Fpkgw\u002F","\u003Cp>The WYSIWYG Inline Code Command plugin adds an “inline code” command to the\u003Cbr \u002F>\nWYSIWYG (visual) post and page editor. It’s just like the “Bold” or “Italics”\u003Cbr \u002F>\ncommands, except that it makes your text look like code — usually, this means\u003Cbr \u002F>\nthat it’s drawn in a monospace font \u003Ccode>like this\u003C\u002Fcode>. 
The command is accessible as a\u003Cbr \u002F>\nbutton and with the keybinding \u003Ccode>Alt-Shift-C\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>The unmodified editor does provide a \u003Ccode>pre\u003C\u002Fcode> style that’s somewhat similar, but\u003Cbr \u002F>\nit’s a \u003Cem>block\u003C\u002Fem> style, which means that you can only apply it to whole\u003Cbr \u002F>\nparagraphs. I wrote this plugin because I found that I often want to apply\u003Cbr \u002F>\ncode styling to shorter pieces of computer-y content, such as the\u003Cbr \u002F>\n    Alt-Shift-C above.\u003C\u002Fp>\n\u003Cp>I encourage you to provide feedback about this plugin. Entries on the\u003Cbr \u002F>\ncompatibility matrix are especially helpful so that people can feel confident\u003Cbr \u002F>\ninstalling it. Thanks!\u003C\u002Fp>\n\u003Cp>The WYSIWYG Inline Code Command plugin provides precisely this one feature, so\u003Cbr \u002F>\ndon’t expect it to be updated very often. One issue that I’m aware of but don’t\u003Cbr \u002F>\nknow quite how to fix is that the user-visible text describing the command in\u003Cbr \u002F>\nthe editor isn’t internationalized.\u003C\u002Fp>\n","Adds a button and keybinding to the WYSIWYG (visual) editor to mark text as inline 
code.",8783,94,7,"2015-01-02T21:41:00.000Z","4.1.42","3.0",[150,21,23,24],"code","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwysiwyg-inline-code-command\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwysiwyg-inline-code-command.zip",{"attackSurface":154,"codeSignals":213,"taintFlows":251,"riskAssessment":252,"analyzedAt":264},{"hooks":155,"ajaxHandlers":199,"restRoutes":209,"shortcodes":210,"cronEvents":211,"entryPointCount":212,"unprotectedCount":28},[156,162,166,170,174,181,185,190,195],{"type":157,"name":158,"callback":159,"priority":29,"file":160,"line":161},"action","front_end_editor_fields","fee_register_defaults","front-end-editor.php",50,{"type":157,"name":163,"callback":164,"file":165,"line":50},"template_redirect","_init","php\\core.php",{"type":157,"name":167,"callback":168,"priority":77,"file":165,"line":169},"wp_head","add_filters",29,{"type":157,"name":171,"callback":172,"file":165,"line":173},"wp_footer","scripts",30,{"type":175,"name":176,"callback":177,"priority":178,"file":179,"line":180},"filter","media_send_to_editor","_capture_html",99,"php\\fields\\other.php",283,{"type":157,"name":182,"callback":182,"file":183,"line":184},"post_class","php\\fields\\post.php",15,{"type":175,"name":186,"callback":187,"priority":188,"file":183,"line":189},"post_meta","prewrap",9,342,{"type":175,"name":191,"callback":192,"file":193,"line":194},"sidebars_widgets","_hack","php\\fields\\widget.php",44,{"type":157,"name":167,"callback":196,"file":197,"line":198},"closure","test.php",4,[200,205],{"action":4,"nopriv":201,"callback":202,"hasNonce":203,"hasCapCheck":201,"file":165,"line":204},false,"ajax_response",true,18,{"action":206,"nopriv":201,"callback":207,"hasNonce":201,"hasCapCheck":201,"file":179,"line":208},"fee_image_insert","image_insert",278,[],[],[],2,{"dangerousFunctions":214,"sqlUsage":215,"outputEscaping":222,"fileOperations":28,"externalRequests":29,"nonceChecks":28,"capabilityChecks":249,"bundledLibraries":250},[],
{"prepared":29,"raw":212,"locations":216},[217,220],{"file":179,"line":218,"context":219},228,"$wpdb->query() with variable interpolation",{"file":179,"line":221,"context":219},294,{"escaped":212,"rawEcho":223,"locations":224},11,[225,229,231,233,234,236,238,241,243,245,247],{"file":226,"line":227,"context":228},"admin\\admin.php",74,"raw output",{"file":226,"line":230,"context":228},79,{"file":226,"line":232,"context":228},125,{"file":165,"line":77,"context":228},{"file":165,"line":235,"context":228},156,{"file":165,"line":237,"context":228},160,{"file":239,"line":240,"context":228},"php\\template-tags.php",16,{"file":239,"line":242,"context":228},64,{"file":239,"line":244,"context":228},87,{"file":197,"line":246,"context":228},28,{"file":197,"line":248,"context":228},72,10,[],[],{"summary":253,"deductions":254},"The \"front-end-editor\" v2.3.1 plugin presents a mixed security posture.  It shows some good practices, such as a relatively small attack surface with only two AJAX entry points and no currently unpatched CVEs, but there are significant concerns.  Notably, one of the two AJAX handlers has neither a nonce check nor a capability check, creating a direct vulnerability pathway, although neither handler is flagged as reachable without login.  Furthermore, the plugin runs raw SQL queries built by variable interpolation instead of prepared statements, which is a common vector for SQL injection attacks.  The low percentage of properly escaped output also indicates potential for cross-site scripting (XSS) vulnerabilities.  Taint analysis reported no critical or high-severity flows, but with 0 flows analyzed this reflects the limited scope of the analysis, not necessarily the absence of such vulnerabilities.  The plugin's historical critical vulnerability related to unrestricted file uploads highlights a past weakness that, while patched, suggests a potential for similar insecure handling of user-supplied data.  
Overall, the missing nonce and capability checks on an AJAX handler and the insecure handling of SQL queries are critical immediate concerns, outweighing the strengths in its vulnerability history and minimal external dependencies.",[255,257,259,262],{"reason":256,"points":249},"AJAX handler without auth checks",{"reason":258,"points":249},"SQL queries without prepared statements",{"reason":260,"points":261},"Low percentage of output escaping",5,{"reason":263,"points":184},"Historical critical vulnerability (Unrestricted Upload)","2026-03-16T19:32:35.549Z",{"wat":266,"direct":280},{"assetPaths":267,"generatorPatterns":272,"scriptPaths":273,"versionParams":275},[268,269,270,271],"\u002Fwp-content\u002Fplugins\u002Ffront-end-editor\u002Fadmin\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Ffront-end-editor\u002Flib\u002Fscb\u002Fjs\u002Fscb.js","\u002Fwp-content\u002Fplugins\u002Ffront-end-editor\u002Fjs\u002Ffee-editor.js","\u002Fwp-content\u002Fplugins\u002Ffront-end-editor\u002Fjs\u002Ffee-editor-tinymce.js",[],[274,270,271],"\u002Fwp-content\u002Fplugins\u002Ffront-end-editor\u002Fadmin\u002Fadmin.js",[276,277,278,279],"front-end-editor\u002Fadmin\u002Fadmin.css?ver=","front-end-editor\u002Flib\u002Fscb\u002Fjs\u002Fscb.js?ver=","front-end-editor\u002Fjs\u002Ffee-editor.js?ver=","front-end-editor\u002Fjs\u002Ffee-editor-tinymce.js?ver=",{"cssClasses":281,"htmlComments":297,"htmlAttributes":302,"restEndpoints":307,"jsGlobals":308,"shortcodeOutput":311},[282,283,284,285,286,287,288,289,290,291,292,293,294,295,296],"fee-editor-wrapper","fee-editor-field","fee-editor-title","fee-editor-content","fee-editor-buttons","fee-editor-save-button","fee-editor-cancel-button","fee-rich-editor","fee-taxonomy-select","fee-meta-input","fee-image-upload","fee-admin-field-setting","fee-rich","fee-group-post","fee-taxonomy-ui",[298,299,300,301],"\u003C!-- Begin Front-end Editor -->","\u003C!-- End Front-end Editor -->","\u003C!-- Begin Front-end Editor Field -->","\u003C!-- End Front-end 
Editor Field -->",[303,304,305,306],"data-fee-field","data-fee-post-id","data-fee-field-name","data-fee-editable",[],[309,310],"window.fee_editor_params","window.FEE_Editor",[312],"\u003Cdiv class=\"front-end-editor\">"]