[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQ7d9A8No6X9W36krzBxfzJWd_W7woHpHWqESj3FVvxM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":137,"fingerprints":220},"html-mode-locker","HTML Mode Locker","0.5","Max Chirkov","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaxchirkov\u002F","\u003Cp>We all experienced frustration of using WYSIWYG editor especially when switching between Visual and HTML modes. If you have a need to use Visual editor in your day-to-day operations, but you also need the ability to have some posts or pages in pure HTML format – HTML Mode Locker allows you to do that on per-post basis.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Author: Max Chirkov\u003C\u002Fli>\n\u003Cli>Author URI: \u003Ca href=\"http:\u002F\u002Fsimplerealtytheme.com\" title=\"Simple Realty Themes\" rel=\"nofollow ugc\">http:\u002F\u002Fsimplerealtytheme.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Copyright: Released under GNU GENERAL PUBLIC LICENSE\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds and option to lock post editor in HTML Mode on selected post types on per-item basis.",200,7545,84,6,"2014-01-13T03:23:00.000Z","3.7.41","3.0","",[20,21,22],"editor","html","html-mode","http:\u002F\u002Fsimplerealtytheme.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-mode-locker.0.5.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":13,"computed_at":35},"maxchirkov",2,300,30,"2026-04-04T09:05:27.967Z",[37,57,80,100,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":55,"download_link":56,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"preserved-html-editor-markup-plus","Preserved HTML Editor Markup Plus","1.5.4","J-Ro","https:\u002F\u002Fprofiles.wordpress.org\u002Fj-ro\u002F","\u003Cp>This plugin preserves the user-generated HTML markup in the TinyMCE editor.  Unlike other plugins this one allows developers to work in the HTML tab AND end-users to work in the WYSIWYG Visual tab at the same time!  No longer will your HTML markup be completely munged into an unrecognizable form when you switch between those tabs.  And you don’t have to hang your users\u002Feditors out to dry when you hand off the project with a disabled Visual tab.\u003C\u002Fp>\n\u003Ch4>IMPORTANT: Please read the installation instructions carefully.  If you have existing content it will not render properly after activating this plugin until you use the Fix It Tools.\u003C\u002Fh4>\n\u003Cp>(One user didn’t read or follow these steps and panicked thinking I ruined their website.)\u003C\u002Fp>\n\u003Cp>It also supports HTML5 Block Anchor tags in addition to other HTML5 elements, something that is currently not supported in WordPress via any existing plugins.\u003C\u002Fp>\n","Preserves HTML and developer edits in HTML AND WYSIWYG tab.  Supports inline scripts\u002Fcss, JavaScript code blocks and HTML5 content editing",4000,49094,36,"2019-12-11T04:50:00.000Z","5.3.21","3.2.1",[20,21,52,53,54],"markup","white-space","wpautop","http:\u002F\u002Fwww.marcuspope.com\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserved-html-editor-markup-plus.1.5.4.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":79,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"always-edit-in-html","Always Edit In HTML","2.4.6","DeveloperWil","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeveloperwil\u002F","\u003Cp>If you find yourself entering HTML code into the WordPress page\u002Fpost editor only to have it reformatted or worse removed when in Visual mode then here is the solution for you.\u003C\u002Fp>\n\u003Cp>Always Edit In HTML is a WordPress plugin that removes the “Visual” tab in the page\u002Fpost editor and opens up your page or post in HTML mode, preserving your HTML code.\u003C\u002Fp>\n\u003Cp>\u003Cem>Why would you need this plugin?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>The WordPress page\u002Fpost editor has two tabs at the top right – “Visual” and “Text”.\u003C\u002Fp>\n\u003Col>\n\u003Cli>The Text tab allows you to enter HTML code onto the page or post and when saving or publishing the post it preserves your code just the way you entered it.\u003C\u002Fli>\n\u003Cli>The Visual tab has all the fancy writing style tools but when you save or publish your page or post, WordPress parses and formats the content which may results in your HTML code not working or even being removed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>WordPress does not remember the tab option for each page or post.  It will open up a page or post using whichever Visual or Text tab you last used.\u003C\u002Fp>\n\u003Cp>This means that if you were editing a post using the Visual tab, saved it and then edited the page or post you had entered the HTML code into, that page would open in Visual mode and you could loose your HTML code.\u003C\u002Fp>\n\u003Cp>If only there was a plugin that gave you the option to always open up a page or post in HTML\u003C\u002Fp>\n\u003Cp>Ta da!  Here’s one.\u003C\u002Fp>\n\u003Cp>Note: For WordPress 5.x users, this plugin will still work when the Classic Editor plugin is installed and enabled.  It does not work with the Gutenberg block editor.\u003C\u002Fp>\n\u003Ch4>Plugin Page\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.limecanvas.com\u002Fwordpress-plugins\u002Falways-edit-in-html-wordpress-plugin\u002F\" title=\"Always Edit In HTML WordPress Plugin\" rel=\"nofollow ugc\">Always Edit In HTML\u003C\u002Fa>\u003C\u002Fp>\n","Always opens up a specific page or post in HTML mode to preserve HTML code (classic editor only).",1000,87352,88,7,"2024-07-04T01:28:00.000Z","6.6.5","5.2","7.4",[58,74,75,22,76],"edit-post-in-html","html-edit","html-tab","https:\u002Fzeropointdevelopment.com\u002Fwordpress-plugins\u002Falways-edit-in-html-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falways-edit-in-html.2.4.6.zip",92,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":65,"downloaded":88,"rating":89,"num_ratings":14,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":18,"download_link":99,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"cf7-ace-syntax-highlighting","Contact Form 7 Syntax Highlighting","0.2.4","Joris van Montfort","https:\u002F\u002Fprofiles.wordpress.org\u002Fjorisvanmontfort\u002F","\u003Cp>Are you using HTML code in your Contact Form 7 forms and email bodies? Ace syntax highlighting enhanches the Contact Form 7 backend and makes it easy to code HTML for complex forms.\u003C\u002Fp>\n","Adds syntax higlighting to the Contact Form 7 admin screens. Requires the Contact Form 7 plugin.",7134,100,"2020-05-19T11:47:00.000Z","5.4.19","4.0.1",[94,95,96,97,98],"contact-form-7","contact-form-7-form-editor","contact-form-7-html-editor","form-textarea","html-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-ace-syntax-highlighting.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":65,"downloaded":108,"rating":89,"num_ratings":32,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":72,"tags":112,"homepage":116,"download_link":117,"security_score":89,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"cf7-coder","HTML Editor for Contact Form 7","1.0.1","Wow-Company","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpcalc\u002F","\u003Cp>Contact Form 7 plugin allows editing forms with a standard textarea. This addon adds an HTML editor with code highlighter to each contact form and provides many useful options to enhance your forms.\u003C\u002Fp>\n\u003Ch4>Editor Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>HTML Editor\u003C\u002Fstrong> with syntax highlighting powered by CodeMirror\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dark Theme\u003C\u002Fstrong> (Material) support for comfortable editing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-close\u003C\u002Fstrong> brackets and tags\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code folding\u003C\u002Fstrong> and line numbers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Search and replace\u003C\u002Fstrong> functionality (Ctrl+F)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Form Behavior Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Test Mode\u003C\u002Fstrong> – Hide form from non-administrators for testing purposes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove Auto Tags\u003C\u002Fstrong> – Remove auto-added p and br tags from form output\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirect After Submit\u003C\u002Fstrong> – Redirect users to a custom URL after successful submission\n\u003Cul>\n\u003Cli>Support for ACF fields to get dynamic redirect URL from current page\u003C\u002Fli>\n\u003Cli>Option to open redirect URL in new tab\u003C\u002Fli>\n\u003Cli>Option to force file download\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Form After Submit\u003C\u002Fstrong> – Hide the form and show only success message\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable Submit Button\u003C\u002Fstrong> – Prevent double submissions by disabling button during form submission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pre-fill Fields from URL\u003C\u002Fstrong> – Auto-fill form fields from URL parameters (e.g., ?your-email=test@example.com)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GA\u002FGTM Event\u003C\u002Fstrong> – Send custom event to Google Analytics\u002FGTM dataLayer on successful submission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scroll to Message\u003C\u002Fstrong> – Automatically scroll to success\u002Ferror message after form submission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-hide Success Message\u003C\u002Fstrong> – Automatically hide success message after specified seconds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove Refill\u003C\u002Fstrong> – Clear form fields after validation error\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Performance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Conditional Script Loading\u003C\u002Fstrong> – Load CF7 scripts and styles only on pages with contact form shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To improve the plugin’s functions and add new functions, write to us on the support \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcf7-coder\u002F\" rel=\"ugc\">forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Search for answers and ask your questions at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcf7-coder\u002F\" rel=\"ugc\">forum\u003C\u002Fa> or send requests on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwow-company\u002Fcf7-coder\u002Fissues\" rel=\"nofollow ugc\">github\u003C\u002Fa>.\u003C\u002Fp>\n","Add HTML editor to Contact Form 7 with code highlighter and extended form options.",10931,"2026-01-26T07:25:00.000Z","6.9.4","5.0",[113,114,94,98,115],"cf7","code-editor","redirect","https:\u002F\u002Fwordpress.org\u002Fcf7-coder","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-coder.1.0.1.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":89,"num_ratings":128,"last_updated":129,"tested_up_to":110,"requires_at_least":130,"requires_php":18,"tags":131,"homepage":18,"download_link":136,"security_score":89,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"protect-schemaorg-markup-in-html-editor","Protect schema.org markup in HTML editor","0.6","Ecwid by Lightspeed Ecommerce Shopping Cart","https:\u002F\u002Fprofiles.wordpress.org\u002Fecwid\u002F","\u003Cp>WordPress HTML editor (tinyMCE) treats schema.org attributes like itemscope\u002Fitemtype\u002Fitemprop as invalid HTML attributes and strips them when you save the post or page content. This plugin alters this behavior and prevent the WordPress HTML editor from removing the schema.org\u002Fmicrodata markup.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>@azaozz suggested the solution. See the issue discussion here: https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F27931\u003C\u002Fp>\n","Easy tool to stop HTML editor from removing schema.org\u002Fmicrodata tags from post or page content.",800,18329,5,"2025-12-01T06:20:00.000Z","4.0",[98,132,133,134,135],"microdata","rich-snippets","schema-org","tinymce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-schemaorg-markup-in-html-editor.0.6.zip",{"attackSurface":138,"codeSignals":182,"taintFlows":212,"riskAssessment":213,"analyzedAt":219},{"hooks":139,"ajaxHandlers":172,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":181,"unprotectedCount":26},[140,146,151,154,159,163,167],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","admin_enqueue_scripts","enqueue","Class_Pointers.php",9,{"type":141,"name":147,"callback":148,"priority":149,"file":144,"line":150},"admin_print_footer_scripts","print_scripts",99,24,{"type":141,"name":152,"callback":152,"file":144,"line":153},"admin_head",25,{"type":141,"name":155,"callback":156,"file":157,"line":158},"admin_init","html_mode_lock_settings_api_init","html-mode-locker.php",17,{"type":141,"name":160,"callback":161,"file":157,"line":162},"add_meta_boxes","html_mode_lock_meta_box",54,{"type":141,"name":164,"callback":165,"file":157,"line":166},"save_post","html_mode_lock_save_postdata",56,{"type":168,"name":169,"callback":170,"file":157,"line":171},"filter","user_can_richedit","html_mode_lock_on",134,[173],{"action":174,"nopriv":175,"callback":174,"hasNonce":176,"hasCapCheck":176,"file":157,"line":177},"html_mode_lock_set_ignore",false,true,157,[],[],[],1,{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":26,"externalRequests":26,"nonceChecks":32,"capabilityChecks":210,"bundledLibraries":211},[],{"prepared":26,"raw":26,"locations":185},[],{"escaped":26,"rawEcho":187,"locations":188},10,[189,192,194,196,198,200,202,204,206,208],{"file":144,"line":190,"context":191},125,"raw output",{"file":144,"line":193,"context":191},145,{"file":144,"line":195,"context":191},146,{"file":144,"line":197,"context":191},148,{"file":144,"line":199,"context":191},156,{"file":144,"line":201,"context":191},168,{"file":144,"line":203,"context":191},170,{"file":144,"line":205,"context":191},174,{"file":157,"line":207,"context":191},49,{"file":157,"line":209,"context":191},90,3,[],[],{"summary":214,"deductions":215},"The \"html-mode-locker\" plugin v0.5 presents a generally good security posture with several strong practices in place. The absence of known CVEs and a lack of critical or high-severity taint flows are significant positives, suggesting the plugin has a clean history and the code may be robust against common attack vectors. The plugin also demonstrates good internal security by utilizing prepared statements for all SQL queries and implementing nonce and capability checks for its entry points, ensuring proper authorization and preventing common Cross-Site Request Forgery (CSRF) issues. The attack surface is also minimal, with only one AJAX handler and no exposed REST API routes, shortcodes, or cron events.\n\nHowever, a notable concern arises from the static analysis indicating that 0% of output is properly escaped. This means that any data being displayed back to the user, especially if it originates from user input or external sources, is not being sanitized, creating a high risk for Cross-Site Scripting (XSS) vulnerabilities. While there are no direct evidence of exploitable taint flows in the provided data, the lack of output escaping creates a fertile ground for XSS attacks to be chained with other potential weaknesses that might not be immediately apparent. The vulnerability history is clean, but this does not negate the immediate risk posed by unescaped output.\n\nIn conclusion, the plugin has a strong foundation in terms of authorization, SQL handling, and a small attack surface. Nevertheless, the complete lack of output escaping is a critical security oversight that significantly elevates the risk profile. While the plugin's history is reassuring, this one weakness is substantial and requires immediate attention to prevent potential XSS attacks.",[216],{"reason":217,"points":218},"Unescaped output (0% escaped)",8,"2026-03-16T20:14:01.196Z",{"wat":221,"direct":230},{"assetPaths":222,"generatorPatterns":225,"scriptPaths":226,"versionParams":227},[223,224],"\u002Fwp-content\u002Fplugins\u002Fhtml-mode-locker\u002Fcss\u002Fpointer.css","\u002Fwp-content\u002Fplugins\u002Fhtml-mode-locker\u002Fjs\u002Fpointers.js",[],[224],[228,229],"html-mode-locker\u002Fcss\u002Fpointer.css?ver=","html-mode-locker\u002Fjs\u002Fpointers.js?ver=",{"cssClasses":231,"htmlComments":233,"htmlAttributes":237,"restEndpoints":243,"jsGlobals":244,"shortcodeOutput":246},[232],"html-mode-locker-settings",[234,235,236],"\u003C!-- HTML Mode Locker metabox will appear on selected post types editor screen. -->","\u003C!-- About This Tour -->","\u003C!-- Plugin Updates -->",[238,239,240,241,242],"post_type","id=\"html-mode-lock\"","name=\"html_mode_lock\"","id=\"html-mode-locker-settings\"","data-pointer",[],[245],"window.html_mode_lock_pointers",[]]