Monsters Editor for WP Super Edit Security & Risk Analysis

wordpress.org/plugins/monsters-editor-10-for-wp-super-edit

Monsters Editor (MsE) brings the magic of Fckeditor back to TinyMCE.

30 active installs · v1.1 · PHP + · WP 2.1+ · Updated Unknown
Tags: editor, fckeditor, formatting, post, wysiwyg
77
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Aug 22, 2012
Safety Verdict

Is Monsters Editor for WP Super Edit Safe to Use in 2026?

Mostly Safe

Score 77/100

Monsters Editor for WP Super Edit is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Aug 22, 2012
Risk Assessment

This plugin exhibits a significant security risk due to multiple alarming indicators from the static analysis. The absence of any authentication or capability checks on all identified entry points is a major concern, leaving the plugin vulnerable to unauthorized access and manipulation. The extensive use of dangerous functions like shell_exec, exec, and unserialize, combined with a very low percentage of properly escaped output and a high number of file operations, suggests a high potential for remote code execution and other severe vulnerabilities.

The taint analysis further exacerbates these concerns, with all analyzed flows showing unsanitized paths and one critical severity flow. This indicates that user-supplied input could be directly influencing sensitive operations, leading to exploits. The plugin's vulnerability history, including a known critical CVE for unrestricted file uploads, reinforces the pattern of severe security weaknesses. While the plugin has no external HTTP requests, its internal code structure presents a substantial risk.

In conclusion, the "monsters-editor-10-for-wp-super-edit" v1.1 plugin has a very poor security posture. The complete lack of input validation and authorization on its entry points, coupled with the presence of dangerous functions and critical taint flows, makes it highly susceptible to exploitation. The historical critical vulnerability also points to recurring security flaws. Despite having no external network exposure, the internal code weaknesses and lack of protective measures pose an immediate and significant threat.

Key Concerns

  • Unpatched critical CVE present
  • Critical severity taint flow
  • All taint flows with unsanitized paths
  • Zero nonce checks
  • Zero capability checks
  • High number of dangerous functions
  • Low percentage of properly escaped output
  • High number of file operations
  • Low percentage of SQL using prepared statements
Vulnerabilities
1

Monsters Editor for WP Super Edit Security Vulnerabilities

CVEs by Year

1 CVE in 2012 · unpatched

Severity Breakdown

Critical: 1

1 total CVE

WF-a2f8c71d-ad19-4265-8d33-3b0e7dbbf4c2-monsters-editor-10-for-wp-super-edit · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

Monsters Editor for WP Super Edit <= 1.1 - Arbitrary File Upload

Aug 22, 2012 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Monsters Editor for WP Super Edit Code Analysis

Dangerous Functions: 38
Raw SQL Queries: 96 · 30 prepared
Unescaped Output: 64 · 1 escaped
Nonce Checks: 0
Capability Checks: 0
File Operations: 279
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

Function · Code · Location
shell_exec · if( $aspellret = shell_exec( $cmd )) { · mse\fckeditor\editor\dialog\fck_spellerpages\spellerpages\server-scripts\spellchecker.php:98
exec · exec('unzip -l "'.$dir.$file->name.'"',$arr,$res); · mse\fckeditor\editor\plugins\kfm\includes\files.php:48
exec · exec('unzip -o "'.$dir.$file->name.'" -x -d "'.$dir.'"',$arr,$res); · mse\fckeditor\editor\plugins\kfm\includes\files.php:54
exec · exec('cd "'.$rootdir.'" && zip -D "'.$zipfile.'" "'.join('" "',$arr).'"',$arr,$res); · mse\fckeditor\editor\plugins\kfm\includes\files.php:388
exec · exec(IMAGEMAGICK_PATH.' "'.$from.'" -'.$action.' "'.$to.'"',$arr,$retval); · mse\fckeditor\editor\plugins\kfm\includes\image.class.php:138
shell_exec · return trim(shell_exec('file -bi '.escapeshellarg($f))); · mse\fckeditor\editor\plugins\kfm\initialise.php:270
popen · $cpp = popen("/usr/bin/cpp $tmpfile", "r"); · mse\fckeditor\editor\plugins\kfm\pear\OS\Guess.php:248
create_function · array_walk($method, create_function('$a,&$b', '$b = strtolower($b);')); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Autoloader.php:102
exec · $prefix = exec("php-config --prefix"); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Builder.php:351
popen · $pp = @popen("$command 2>&1", "r"); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Builder.php:415
preg_replace(/e) · preg_replace('/@([a-z0-9_-]+)@/e' · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Command\Package.php:1098
preg_replace(/e) · preg_replace('/@([a-z0-9_-]+)@/e' · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Command\Package.php:1101
popen · $fp = popen($command, "r"); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Command\Package.php:450
popen · $fp = popen($cmd, "r"); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Command\Package.php:528
popen · $gpg = popen("gpg --batch --passphrase-fd 0 --armor --detach-sign --output $tmpdir/package.sig $tmpd · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Command\Package.php:708
create_function · $info[$key][$i] = array_map(create_function('$a', · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Command\Registry.php:509
unserialize · $data = unserialize($contents); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Config.php:1003
unserialize · $data = unserialize(file_get_contents($this->_depdb)); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\DependencyDB.php:509
unserialize · $data = unserialize(fread($fp, filesize($this->_depdb))); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\DependencyDB.php:511
system · system('stty -echo'); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Frontend\CLI.php:353
system · system('stty echo'); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Frontend\CLI.php:369
create_function · array_walk($my, create_function('&$i, $k', '$i = $i["handle"];')); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\PackageFile\v2.php:421
create_function · array_walk($yours, create_function('&$i, $k', '$i = $i["handle"];')); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\PackageFile\v2.php:426
unserialize · $tmp = unserialize($data); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Registry.php:710
unserialize · $data = unserialize($data); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Registry.php:1012
unserialize · $data = unserialize($data); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Registry.php:1054
create_function · $notempty = create_function('$a','return !empty($a);'); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Registry.php:1852
unserialize · 'content' => unserialize($content), · mse\fckeditor\editor\plugins\kfm\pear\PEAR\Remote.php:104
unserialize · $packagexml = unserialize($packagexml); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\REST\10.php:247
unserialize · $d = unserialize($d); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\REST\10.php:431
unserialize · $pf->setDeps(unserialize($ds)); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\REST\10.php:569
unserialize · $d = unserialize($dep['d']); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\REST\11.php:149
unserialize · return unserialize(implode('', file($cachefile))); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\REST.php:67
unserialize · $cacheid = unserialize(implode('', file($cacheidfile))); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\REST.php:155
unserialize · $ret = unserialize(implode('', file($cacheidfile))); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\REST.php:173
unserialize · return unserialize(implode('', file($cachefile))); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\REST.php:185
unserialize · $cacheid = unserialize(implode('', file($cacheidfile))); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\REST.php:205
system · system($cmd, $return_value); · mse\fckeditor\editor\plugins\kfm\pear\PEAR\RunTest.php:207

SQL Query Safety

24% prepared · 126 total queries

Output Escaping

2% escaped · 65 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

9 flows · 9 with unsanitized paths
CreateFolder (mse\fckeditor\editor\filemanager\browser\default\connectors\php\commands.php:104)
Attack Surface

Monsters Editor for WP Super Edit Attack Surface

Entry Points: 0
Unprotected: 0
Maintenance & Trust

Monsters Editor for WP Super Edit Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.3
Last updated: Unknown
PHP min version:
Downloads: 30K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

Monsters Editor for WP Super Edit Developer Profile

Guan Gui

2 plugins · 40 total installs

Trust score: 81
Avg Security Score: 81/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Monsters Editor for WP Super Edit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellerpages.php
/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
Script Paths
/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/wordWindow.js

HTML / DOM Fingerprints

CSS Classes
spellerStyle
HTML Comments
by FredCK (for Windows) · by FredCK (for Linux) · by FredCK · by FredCK · +2 more
Data Attributes
wordWindowObj.originalSpellings · wordWindowObj.suggestions · wordWindowObj.textInputs
JS Globals
suggs · words · textinputs · error · wordWindowObj
FAQ

Frequently Asked Questions about Monsters Editor for WP Super Edit