[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQV5D8hCtloedde_7d6qtGP4s5vi1BPX59tBYeAx7Nx4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":50,"analysis":140,"fingerprints":727},"monsters-editor-10-for-wp-super-edit","Monsters Editor for WP Super Edit","1.1","Guan Gui","https:\u002F\u002Fprofiles.wordpress.org\u002Fguiguan\u002F","\u003C\u002Fp>\n\u003Cp>Right, as a plugin for WP Super Edit, \u003Cem>Monsters Editor\u003C\u002Fem> (MsE) brings the magic of Fckeditor back to TinyMCE. So if you prefer TinyMCE as its concision, but used to Fckeditor’s powerful functions, then MsE is your good choice.\u003C\u002Fp>\n\u003Cp>Let’s take a look at \u003Ca href=\"http:\u002F\u002Fwww.guiguan.net\u002F2007\u002F07\u002Fmonsters-editor-10-for-wp-super-edit\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa> to see what it can do.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Can customize Fckeditor with fckeditor_config.js\u003C\u002Fli>\n\u003Cli>Update to the newest version of Fckeditor by yourself. 
Just replace the “fckeditor” directory.\u003C\u002Fli>\n\u003Cli>Uses \u003Ca href=\"http:\u002F\u002Fkfm.verens.com\u002F\" rel=\"nofollow ugc\">KFM\u003C\u002Fa> as file browser.\u003C\u002Fli>\n\u003Cli>There is an “WordPress Read More” button in it.\u003C\u002Fli>\n\u003Cli>Open in separate windows, which makes work more flexible.\u003C\u002Fli>\n\u003Cli>Based on \u003Ca href=\"http:\u002F\u002Fwww.funroe.net\u002F2007\u002F07\u002F21\u002Fwp-super-edit-11-updated-with-interesting-feature-bug\u002F\" rel=\"nofollow ugc\">WP Super Edit\u003C\u002Fa>, so you get fully control about it.\u003C\u002Fli>\n\u003C\u002Fol>\n","Monsters Editor (MsE) brings the magic of Fckeditor back to TinyMCE.",30,30150,0,"","2.3","2.1",[18,19,20,21,22],"editor","fckeditor","formatting","post","wysiwyg","http:\u002F\u002Fwww.guiguan.net\u002F2007\u002F07\u002Fmonsters-editor-10-for-wp-super-edit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmonsters-editor-10-for-wp-super-edit.zip",77,1,"2012-08-22 00:00:00","2026-03-15T10:48:56.248Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"WF-a2f8c71d-ad19-4265-8d33-3b0e7dbbf4c2-monsters-editor-10-for-wp-super-edit","monsters-editor-for-wp-super-edit-arbitrary-file-upload","Monsters Editor for WP Super Edit \u003C= 1.1 - Arbitrary File Upload","The Monsters Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'test.html' page in versions up to, and including, 1.1. 
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",null,"\u003C=1.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2024-01-22 19:56:02",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa2f8c71d-ad19-4265-8d33-3b0e7dbbf4c2?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":11,"trust_score":48,"computed_at":49},"guiguan",2,40,81,"2026-04-04T05:58:55.922Z",[51,65,87,108,126],{"slug":52,"name":53,"version":6,"author":7,"author_profile":8,"description":54,"short_description":55,"active_installs":56,"downloaded":57,"rating":13,"num_ratings":13,"last_updated":58,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":59,"homepage":61,"download_link":62,"security_score":63,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":64},"fullscreen-10-for-wp-super-edit","Fullscreen for WP Super Edit","\u003Cp>Fullscreen 1.1 for WP Super Edit is a plugin for WP Super Edit. 
By using it, you can enlarge your TinyMCE editor to fit the full screen of the browser, and toggle between those two views.\u003C\u002Fp>\n","By using it, you can enlarge your TinyMCE editor to fit the full screen of the browser, and toggle between those two views.",10,6509,"2007-09-28T11:04:00.000Z",[18,20,21,60,22],"tinymce","http:\u002F\u002Fwww.guiguan.net\u002F2007\u002F07\u002Ffullscreen-10-for-wp-super-edit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffullscreen-10-for-wp-super-edit.zip",85,"2026-03-15T15:16:48.613Z",{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":75,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":85,"download_link":86,"security_score":63,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":64},"toggle-wpautop","Toggle wpautop","1.3.0","Jonathan Desrosiers","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesrosj\u002F","\u003Cp>\u003Cstrong>Note: This plugin does not support the block editor but should continue to work without issue when using it with custom post types and the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-editor\u002F\" rel=\"ugc\">Classic Editor Plugin\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Before WordPress displays a post’s content, the content gets passed through multiple filters to ensure that it safely appears how you enter it within the editor.\u003C\u002Fp>\n\u003Cp>One of these filters is \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwpautop\" title=\"wpautop\" rel=\"nofollow ugc\">wpautop\u003C\u002Fa>, which replaces double line breaks with \u003Ccode>\u003Cp>\u003C\u002Fcode> tags, and single line breaks with \u003Ccode>\u003Cbr \u002F>\u003C\u002Fcode> tags. 
However, this filter sometimes causes issues when you are inputting a lot of HTML markup in the post editor.\u003C\u002Fp>\n\u003Cp>This plugin displays a checkbox in the publish meta box of the post edit screen that disables the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwpautop\" title=\"wpautop\" rel=\"nofollow ugc\">wpautop\u003C\u002Fa> filter for that post.\u003C\u002Fp>\n\u003Cp>Also adds a ‘wpautop’, or ‘no-wpautop’ class to the post_class filter to help with CSS styling.\u003C\u002Fp>\n","Easily disable the default wpautop filter on a post by post basis.",10000,108022,98,32,"2021-04-07T13:35:00.000Z","5.7.15","3.0","5.6",[18,82,20,83,84],"excerpt","post-content","wpautop","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoggle-wpautop","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoggle-wpautop.1.3.0.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":14,"tags":102,"homepage":104,"download_link":105,"security_score":106,"vuln_count":26,"unpatched_count":26,"last_vuln_date":107,"fetched_at":64},"wp-super-edit","WP Super Edit","2.5.4","Ahmad Awais","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrahmadawais\u002F","\u003Ch4>Major Update Due Soon!\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>This plugin is getting a major update soon.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Super Edit is designed to get control of the WordPress wysiwyg visual editor and add some functionality with more buttons and customized TinyMCE plugins. 
WP Super edit acts as framework for TinyMCE visual editor plugins and buttons allowing administrators (or users) to arrange buttons and add TinyMCE plugins to the visual editor.\u003C\u002Fp>\n\u003Cp>Your feedback is always welcome!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Drag and Drop interface for arranging the WordPress visual editor buttons.\u003C\u002Fli>\n\u003Cli>Access to built-in WordPress visual editor buttons and functions.\u003C\u002Fli>\n\u003Cli>Additional TinyMCE plugins to add buttons and features like tables, layers (div tag), advanced XHTML properties, advanced image and link properties, WordPress emoticons, style attributes, css classes for themes, search \u002F replace, and more.\u003C\u002Fli>\n\u003Cli>Options for allowing users to configure visual editor settings; One editor setting for all users, role based editor settings, and individual user editor settings. \u003Cstrong>Only WordPress administrators can activate or deactivate TinyMCE wysiwyg visual editor plugins. In single or role based modes, only administrators can arrange editor buttons.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Easy to install and remove. WP Super Edit uses separate database tables for settings and to support multi-site configurations. Currently only the \u003Cstrong>Super Emoticon \u002F Icon Plugin\u003C\u002Fstrong> will leave short tags in your posts or pages.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Version Notice\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This version has been tested for use with the versions of WordPress indicated. I attempt to keep WP Super Edit up to date with changes to WordPress and the visual editor, but the complex changes can make it unproductive to maintain compatiblity with some older versions of WordPress. 
This is a list of recent versions available for older WordPress sites.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use WP Super Edit 2.1 for WordPress 2.6 to 2.7.1\u003C\u002Fli>\n\u003Cli>Use WP Super Edit 2.3.x for WordPress 2.8 to 3.1.x\u003C\u002Fli>\n\u003Cli>Use WP Super Edit 2.4.x for WordPress 3.1 to 3.8.x\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-super-edit\u002Fdownload\u002F\" rel=\"ugc\">Download Older Versions of WP Super Edit\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Get control of the WordPress wysiwyg visual editor and add some functionality with more buttons and custom TinyMCE plugins.",2000,366392,74,18,"2020-03-07T21:39:00.000Z","5.4.0","4.2",[103,18,20,60,22],"admin","http:\u002F\u002Ffunroe.net\u002Fprojects\u002Fsuper-edit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-super-edit.2.5.4.zip",63,"2025-07-09 00:00:00",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":118,"num_ratings":26,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":14,"tags":122,"homepage":124,"download_link":125,"security_score":118,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":64},"remove-blank-p-tag","Remove Blank P Tag","1.2","Vishit Shah","https:\u002F\u002Fprofiles.wordpress.org\u002Fvishitshah\u002F","\u003Cp>This is very simple plugin to remove extra p and br tags in post and page editer\u003C\u002Fp>\n\u003Cp>This plugin remove extra p and br tags from the_content, the_excerpt and widget_text_content.\u003C\u002Fp>\n","This plugin remove extra p and br tags from the_content and 
the_excerpt.",400,3394,100,"2025-04-17T09:32:00.000Z","6.8.5","3.1",[18,82,20,123,84],"postcontent","http:\u002F\u002Fwww.godazzle.in\u002Fremove-blank-p-tag.zip","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-blank-p-tag.1.2.zip",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":118,"downloaded":134,"rating":13,"num_ratings":13,"last_updated":135,"tested_up_to":14,"requires_at_least":111,"requires_php":14,"tags":136,"homepage":138,"download_link":139,"security_score":63,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":64},"ckeditor-12","CKEditor For WordPress","1.3","doni2000","https:\u002F\u002Fprofiles.wordpress.org\u002Fdoni2000\u002F","\u003Cp>This plugin Replaces the default WordPress editor with \u003Ca href=\"http:\u002F\u002Fckeditor.com\u002F\" rel=\"nofollow ugc\">CKeditor\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>CKeditor is an open source WYSIWYG text editor ,brings to the web much of the power of desktop editors like MS Word.it’s lightweight and is compatible with most internet browsers which include: IE 5.5+ (Windows), Firefox 1.0+, Mozilla 1.3+ and Netscape 7+.\u003Cbr \u002F>\nFeatures:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>media buttons\u003C\u002Fli>\n\u003Cli>Build-in File manager and upload manager.\u003C\u002Fli>\n\u003Cli>Customize editor�s skin\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin Replaces the default Wordpress editor with 
CKeditor.",21683,"2009-10-08T06:59:00.000Z",[137,18,21,22],"ckeditor","http:\u002F\u002Fwww.cmsspace.com\u002Fdemo.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fckeditor-12.zip",{"attackSurface":141,"codeSignals":147,"taintFlows":561,"riskAssessment":704,"analyzedAt":726},{"hooks":142,"ajaxHandlers":143,"restRoutes":144,"shortcodes":145,"cronEvents":146,"entryPointCount":13,"unprotectedCount":13},[],[],[],[],[],{"dangerousFunctions":148,"sqlUsage":283,"outputEscaping":442,"fileOperations":559,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":560},[149,153,158,161,164,168,172,177,182,186,189,194,196,199,202,205,209,214,217,220,225,228,232,235,239,242,244,247,251,255,258,261,265,269,272,275,277,279],{"fn":150,"file":151,"line":75,"context":152},"shell_exec","mse\\fckeditor\\editor\\dialog\\fck_spellerpages\\spellerpages\\server-scripts\\spellchecker.php","if( $aspellret = shell_exec( $cmd )) {",{"fn":154,"file":155,"line":156,"context":157},"exec","mse\\fckeditor\\editor\\plugins\\kfm\\includes\\files.php",48,"exec('unzip -l \"'.$dir.$file->name.'\"',$arr,$res);",{"fn":154,"file":155,"line":159,"context":160},54,"exec('unzip -o \"'.$dir.$file->name.'\" -x -d \"'.$dir.'\"',$arr,$res);",{"fn":154,"file":155,"line":162,"context":163},388,"exec('cd \"'.$rootdir.'\" && zip -D \"'.$zipfile.'\" \"'.join('\" \"',$arr).'\"',$arr,$res);",{"fn":154,"file":165,"line":166,"context":167},"mse\\fckeditor\\editor\\plugins\\kfm\\includes\\image.class.php",138,"exec(IMAGEMAGICK_PATH.' \"'.$from.'\" -'.$action.' 
\"'.$to.'\"',$arr,$retval);",{"fn":150,"file":169,"line":170,"context":171},"mse\\fckeditor\\editor\\plugins\\kfm\\initialise.php",270,"return trim(shell_exec('file -bi '.escapeshellarg($f)));",{"fn":173,"file":174,"line":175,"context":176},"popen","mse\\fckeditor\\editor\\plugins\\kfm\\pear\\OS\\Guess.php",248,"$cpp = popen(\"\u002Fusr\u002Fbin\u002Fcpp $tmpfile\", \"r\");",{"fn":178,"file":179,"line":180,"context":181},"create_function","mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\Autoloader.php",102,"array_walk($method, create_function('$a,&$b', '$b = strtolower($b);'));",{"fn":154,"file":183,"line":184,"context":185},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\Builder.php",351,"$prefix = exec(\"php-config --prefix\");",{"fn":173,"file":183,"line":187,"context":188},415,"$pp = @popen(\"$command 2>&1\", \"r\");",{"fn":190,"file":191,"line":192,"context":193},"preg_replace(\u002Fe)","mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\Command\\Package.php",1098,"preg_replace('\u002F@([a-z0-9_-]+)@\u002Fe'",{"fn":190,"file":191,"line":195,"context":193},1101,{"fn":173,"file":191,"line":197,"context":198},450,"$fp = popen($command, \"r\");",{"fn":173,"file":191,"line":200,"context":201},528,"$fp = popen($cmd, \"r\");",{"fn":173,"file":191,"line":203,"context":204},708,"$gpg = popen(\"gpg --batch --passphrase-fd 0 --armor --detach-sign --output $tmpdir\u002Fpackage.sig $tmpd",{"fn":178,"file":206,"line":207,"context":208},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\Command\\Registry.php",509,"$info[$key][$i] = array_map(create_function('$a',",{"fn":210,"file":211,"line":212,"context":213},"unserialize","mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\Config.php",1003,"$data = unserialize($contents);",{"fn":210,"file":215,"line":207,"context":216},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\DependencyDB.php","$data = unserialize(file_get_contents($this->_depdb));",{"fn":210,"file":215,"line":218,"context":219},511,"$data = 
unserialize(fread($fp, filesize($this->_depdb)));",{"fn":221,"file":222,"line":223,"context":224},"system","mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\Frontend\\CLI.php",353,"system('stty -echo');",{"fn":221,"file":222,"line":226,"context":227},369,"system('stty echo');",{"fn":178,"file":229,"line":230,"context":231},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\PackageFile\\v2.php",421,"array_walk($my, create_function('&$i, $k', '$i = $i[\"handle\"];'));",{"fn":178,"file":229,"line":233,"context":234},426,"array_walk($yours, create_function('&$i, $k', '$i = $i[\"handle\"];'));",{"fn":210,"file":236,"line":237,"context":238},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\Registry.php",710,"$tmp = unserialize($data);",{"fn":210,"file":236,"line":240,"context":241},1012,"$data = unserialize($data);",{"fn":210,"file":236,"line":243,"context":241},1054,{"fn":178,"file":236,"line":245,"context":246},1852,"$notempty = create_function('$a','return !empty($a);');",{"fn":210,"file":248,"line":249,"context":250},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\Remote.php",104,"'content'    => unserialize($content),",{"fn":210,"file":252,"line":253,"context":254},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\REST\\10.php",247,"$packagexml = unserialize($packagexml);",{"fn":210,"file":252,"line":256,"context":257},431,"$d = unserialize($d);",{"fn":210,"file":252,"line":259,"context":260},569,"$pf->setDeps(unserialize($ds));",{"fn":210,"file":262,"line":263,"context":264},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\REST\\11.php",149,"$d = unserialize($dep['d']);",{"fn":210,"file":266,"line":267,"context":268},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\REST.php",67,"return unserialize(implode('', file($cachefile)));",{"fn":210,"file":266,"line":270,"context":271},155,"$cacheid = unserialize(implode('', file($cacheidfile)));",{"fn":210,"file":266,"line":273,"context":274},173,"$ret = unserialize(implode('', 
file($cacheidfile)));",{"fn":210,"file":266,"line":276,"context":268},185,{"fn":210,"file":266,"line":278,"context":271},205,{"fn":221,"file":280,"line":281,"context":282},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\RunTest.php",207,"system($cmd, $return_value);",{"prepared":11,"raw":284,"locations":285},96,[286,290,293,295,297,299,301,303,305,307,309,311,313,314,315,317,319,321,323,325,327,329,331,333,335,337,339,340,341,344,346,348,350,352,355,357,359,361,362,363,364,366,368,370,372,373,375,377,379,381,383,384,385,387,388,390,391,392,394,396,397,399,401,403,405,406,407,408,409,410,411,412,413,414,415,417,418,419,420,421,422,423,424,425,427,428,429,430,431,432,433,434,435,436,437,440],{"file":287,"line":288,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\api\\api.php",15,"$wpdb->query() with variable interpolation",{"file":291,"line":292,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\get.php",14,{"file":291,"line":294,"context":289},23,{"file":296,"line":76,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\includes\\directories.php",{"file":296,"line":298,"context":289},103,{"file":296,"line":300,"context":289},109,{"file":302,"line":56,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\includes\\directory.class.php",{"file":302,"line":304,"context":289},19,{"file":302,"line":306,"context":289},76,{"file":302,"line":308,"context":289},92,{"file":302,"line":310,"context":289},116,{"file":312,"line":288,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\includes\\file.class.php",{"file":312,"line":308,"context":289},{"file":155,"line":118,"context":289},{"file":155,"line":316,"context":289},160,{"file":155,"line":318,"context":289},213,{"file":155,"line":320,"context":289},219,{"file":155,"line":322,"context":289},232,{"file":155,"line":324,"context":289},284,{"file":155,"line":326,"context":289},288,{"file":155,"line":328,"context":289},302,{"file":155,"line":330,"context":289},322,{"file":155,"line":332,"context":289},326,{"file":155,"
line":334,"context":289},329,{"file":155,"line":336,"context":289},332,{"file":155,"line":338,"context":289},344,{"file":165,"line":159,"context":289},{"file":165,"line":310,"context":289},{"file":342,"line":343,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\index.php",111,{"file":342,"line":345,"context":289},112,{"file":169,"line":347,"context":289},154,{"file":169,"line":349,"context":289},167,{"file":169,"line":351,"context":289},199,{"file":353,"line":354,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\MDB2\\Driver\\Manager\\pgsql.php",515,{"file":356,"line":46,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\scripts\\db.mysql.create.php",{"file":356,"line":358,"context":289},3,{"file":356,"line":360,"context":289},9,{"file":356,"line":288,"context":289},{"file":356,"line":294,"context":289},{"file":356,"line":11,"context":289},{"file":356,"line":365,"context":289},34,{"file":356,"line":367,"context":289},41,{"file":356,"line":369,"context":289},42,{"file":371,"line":46,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\scripts\\db.mysql.update.0.7.2.php",{"file":371,"line":358,"context":289},{"file":371,"line":374,"context":289},4,{"file":371,"line":376,"context":289},5,{"file":371,"line":378,"context":289},6,{"file":371,"line":380,"context":289},7,{"file":371,"line":382,"context":289},8,{"file":371,"line":360,"context":289},{"file":371,"line":56,"context":289},{"file":371,"line":386,"context":289},11,{"file":371,"line":98,"context":289},{"file":389,"line":46,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\scripts\\db.pgsql.create.php",{"file":389,"line":358,"context":289},{"file":389,"line":56,"context":289},{"file":389,"line":393,"context":289},17,{"file":389,"line":395,"context":289},26,{"file":389,"line":365,"context":289},{"file":389,"line":398,"context":289},39,{"file":389,"line":400,"context":289},46,{"file":389,"line":402,"context":289},47,{"file":404,"line":46,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\scrip
ts\\db.pgsql.update.0.7.2.php",{"file":404,"line":358,"context":289},{"file":404,"line":374,"context":289},{"file":404,"line":376,"context":289},{"file":404,"line":378,"context":289},{"file":404,"line":380,"context":289},{"file":404,"line":382,"context":289},{"file":404,"line":360,"context":289},{"file":404,"line":56,"context":289},{"file":404,"line":386,"context":289},{"file":404,"line":304,"context":289},{"file":416,"line":46,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\scripts\\db.sqlite.create.php",{"file":416,"line":358,"context":289},{"file":416,"line":360,"context":289},{"file":416,"line":288,"context":289},{"file":416,"line":294,"context":289},{"file":416,"line":11,"context":289},{"file":416,"line":365,"context":289},{"file":416,"line":367,"context":289},{"file":416,"line":369,"context":289},{"file":426,"line":46,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\scripts\\db.sqlite.update.0.7.2.php",{"file":426,"line":358,"context":289},{"file":426,"line":374,"context":289},{"file":426,"line":376,"context":289},{"file":426,"line":378,"context":289},{"file":426,"line":380,"context":289},{"file":426,"line":382,"context":289},{"file":426,"line":360,"context":289},{"file":426,"line":56,"context":289},{"file":426,"line":386,"context":289},{"file":426,"line":98,"context":289},{"file":438,"line":439,"context":289},"mse\\fckeditor\\editor\\plugins\\kfm\\scripts\\update.0.8.php",21,{"file":438,"line":441,"context":289},22,{"escaped":26,"rawEcho":443,"locations":444},64,[445,448,450,451,452,454,455,457,459,460,463,465,467,469,471,473,474,476,478,479,480,482,483,485,487,489,491,492,493,495,497,499,500,502,503,505,506,508,509,511,512,513,515,516,518,520,521,524,525,527,529,531,533,535,537,539,540,542,545,548,550,552,554,557],{"file":151,"line":446,"context":447},27,"raw 
output",{"file":151,"line":449,"context":447},33,{"file":151,"line":365,"context":447},{"file":151,"line":398,"context":447},{"file":151,"line":453,"context":447},45,{"file":151,"line":156,"context":447},{"file":151,"line":456,"context":447},65,{"file":151,"line":458,"context":447},148,{"file":151,"line":263,"context":447},{"file":461,"line":462,"context":447},"mse\\fckeditor\\editor\\filemanager\\browser\\default\\connectors\\php\\basexml.php",53,{"file":461,"line":464,"context":447},56,{"file":461,"line":466,"context":447},84,{"file":468,"line":156,"context":447},"mse\\fckeditor\\editor\\filemanager\\browser\\default\\connectors\\php\\commands.php",{"file":468,"line":470,"context":447},90,{"file":468,"line":472,"context":447},99,{"file":468,"line":458,"context":447},{"file":468,"line":475,"context":447},217,{"file":477,"line":76,"context":447},"mse\\fckeditor\\editor\\filemanager\\upload\\php\\upload.php",{"file":291,"line":393,"context":447},{"file":291,"line":464,"context":447},{"file":481,"line":98,"context":447},"mse\\fckeditor\\editor\\plugins\\kfm\\includes\\kaejax.php",{"file":342,"line":441,"context":447},{"file":342,"line":484,"context":447},78,{"file":342,"line":486,"context":447},80,{"file":342,"line":488,"context":447},82,{"file":342,"line":490,"context":447},83,{"file":342,"line":466,"context":447},{"file":342,"line":63,"context":447},{"file":342,"line":494,"context":447},86,{"file":342,"line":496,"context":447},87,{"file":342,"line":498,"context":447},88,{"file":342,"line":470,"context":447},{"file":342,"line":501,"context":447},91,{"file":342,"line":308,"context":447},{"file":342,"line":504,"context":447},93,{"file":342,"line":284,"context":447},{"file":342,"line":507,"context":447},97,{"file":342,"line":75,"context":447},{"file":342,"line":510,"context":447},110,{"file":169,"line":449,"context":447},{"file":169,"line":402,"context":447},{"file":169,"line":514,"context":447},130,{"file":169,"line":166,"context":447},{"file":169,"line":517,"context":
447},187,{"file":519,"line":378,"context":447},"mse\\fckeditor\\editor\\plugins\\kfm\\login.php",{"file":519,"line":446,"context":447},{"file":522,"line":523,"context":447},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR\\Common.php",289,{"file":222,"line":504,"context":447},{"file":222,"line":526,"context":447},106,{"file":222,"line":528,"context":447},164,{"file":222,"line":530,"context":447},165,{"file":222,"line":532,"context":447},355,{"file":222,"line":534,"context":447},357,{"file":222,"line":536,"context":447},393,{"file":236,"line":538,"context":447},293,{"file":280,"line":496,"context":447},{"file":280,"line":541,"context":447},401,{"file":543,"line":544,"context":447},"mse\\fckeditor\\editor\\plugins\\kfm\\pear\\PEAR.php",174,{"file":546,"line":547,"context":447},"mse\\fckeditor\\editor\\plugins\\kfm\\upload.php",51,{"file":546,"line":549,"context":447},52,{"file":551,"line":462,"context":447},"mse\\fckeditor\\fckeditor_php4.php",{"file":553,"line":462,"context":447},"mse\\fckeditor\\fckeditor_php5.php",{"file":555,"line":556,"context":447},"mse\\fckeditor\\_samples\\php\\sampleposteddata.php",58,{"file":555,"line":558,"context":447},59,279,[],[562,579,588,603,613,633,645,658,668],{"entryPoint":563,"graph":564,"unsanitizedCount":26,"severity":578},"CreateFolder (mse\\fckeditor\\editor\\filemanager\\browser\\default\\connectors\\php\\commands.php:104)",{"nodes":565,"edges":575},[566,570],{"id":567,"type":568,"label":569,"file":468,"line":343},"n0","source","$_GET",{"id":571,"type":572,"label":573,"file":468,"line":458,"wp_function":574},"n1","sink","echo() [XSS]","echo",[576],{"from":567,"to":571,"sanitized":577},false,"medium",{"entryPoint":580,"graph":581,"unsanitizedCount":26,"severity":578},"FileUpload 
(mse\\fckeditor\\editor\\filemanager\\browser\\default\\connectors\\php\\commands.php:151)",{"nodes":582,"edges":586},[583,585],{"id":567,"type":568,"label":584,"file":468,"line":316},"$_FILES",{"id":571,"type":572,"label":573,"file":468,"line":475,"wp_function":574},[587],{"from":567,"to":571,"sanitized":577},{"entryPoint":589,"graph":590,"unsanitizedCount":46,"severity":578},"DoResponse (mse\\fckeditor\\editor\\filemanager\\browser\\default\\connectors\\php\\connector.php:64)",{"nodes":591,"edges":600},[592,595,598],{"id":567,"type":568,"label":593,"file":594,"line":504},"$_GET (x2)","mse\\fckeditor\\editor\\filemanager\\browser\\default\\connectors\\php\\connector.php",{"id":571,"type":596,"label":597,"file":594,"line":504},"transform","→ CreateXmlHeader()",{"id":599,"type":572,"label":573,"file":461,"line":462,"wp_function":574},"n2",[601,602],{"from":567,"to":571,"sanitized":577},{"from":571,"to":599,"sanitized":577},{"entryPoint":604,"graph":605,"unsanitizedCount":46,"severity":578},"\u003Cconnector> (mse\\fckeditor\\editor\\filemanager\\browser\\default\\connectors\\php\\connector.php:0)",{"nodes":606,"edges":610},[607,608,609],{"id":567,"type":568,"label":593,"file":594,"line":504},{"id":571,"type":596,"label":597,"file":594,"line":504},{"id":599,"type":572,"label":573,"file":461,"line":462,"wp_function":574},[611,612],{"from":567,"to":571,"sanitized":577},{"from":571,"to":599,"sanitized":577},{"entryPoint":614,"graph":615,"unsanitizedCount":358,"severity":578},"\u003Cupload> (mse\\fckeditor\\editor\\plugins\\kfm\\upload.php:0)",{"nodes":616,"edges":629},[617,618,621,623,625,627],{"id":567,"type":568,"label":584,"file":546,"line":378},{"id":571,"type":572,"label":619,"file":546,"line":439,"wp_function":620},"file_get_contents() 
[SSRF\u002FLFI]","file_get_contents",{"id":599,"type":568,"label":622,"file":546,"line":547},"$_POST['onload']",{"id":624,"type":572,"label":573,"file":546,"line":547,"wp_function":574},"n3",{"id":626,"type":568,"label":584,"file":546,"line":378},"n4",{"id":628,"type":572,"label":573,"file":546,"line":549,"wp_function":574},"n5",[630,631,632],{"from":567,"to":571,"sanitized":577},{"from":599,"to":624,"sanitized":577},{"from":626,"to":628,"sanitized":577},{"entryPoint":634,"graph":635,"unsanitizedCount":46,"severity":644},"\u003Ccommands> (mse\\fckeditor\\editor\\filemanager\\browser\\default\\connectors\\php\\commands.php:0)",{"nodes":636,"edges":641},[637,638,639,640],{"id":567,"type":568,"label":569,"file":468,"line":343},{"id":571,"type":572,"label":573,"file":468,"line":458,"wp_function":574},{"id":599,"type":568,"label":584,"file":468,"line":316},{"id":624,"type":572,"label":573,"file":468,"line":475,"wp_function":574},[642,643],{"from":567,"to":571,"sanitized":577},{"from":599,"to":624,"sanitized":577},"low",{"entryPoint":646,"graph":647,"unsanitizedCount":46,"severity":644},"\u003Cindex> (mse\\fckeditor\\editor\\plugins\\kfm\\index.php:0)",{"nodes":648,"edges":655},[649,651,652,654],{"id":567,"type":568,"label":650,"file":342,"line":501},"$_GET['kfm_callerType']",{"id":571,"type":572,"label":573,"file":342,"line":501,"wp_function":574},{"id":599,"type":568,"label":653,"file":342,"line":510},"$_SERVER['SERVER_NAME']",{"id":624,"type":572,"label":573,"file":342,"line":510,"wp_function":574},[656,657],{"from":567,"to":571,"sanitized":577},{"from":599,"to":624,"sanitized":577},{"entryPoint":659,"graph":660,"unsanitizedCount":46,"severity":644},"\u003Cinitialise> (mse\\fckeditor\\editor\\plugins\\kfm\\initialise.php:0)",{"nodes":661,"edges":666},[662,665],{"id":567,"type":568,"label":663,"file":169,"line":664},"$_SERVER 
(x2)",79,{"id":571,"type":572,"label":573,"file":169,"line":514,"wp_function":574},[667],{"from":567,"to":571,"sanitized":577},{"entryPoint":669,"graph":670,"unsanitizedCount":382,"severity":37},"\u003Cget> (mse\\fckeditor\\editor\\plugins\\kfm\\get.php:0)",{"nodes":671,"edges":697},[672,673,676,677,678,679,683,685,689,691,694],{"id":567,"type":568,"label":593,"file":291,"line":374},{"id":571,"type":572,"label":674,"file":291,"line":292,"wp_function":675},"query() [SQLi]","query",{"id":599,"type":568,"label":593,"file":291,"line":374},{"id":624,"type":572,"label":573,"file":291,"line":393,"wp_function":574},{"id":626,"type":568,"label":593,"file":291,"line":439},{"id":628,"type":572,"label":680,"file":291,"line":681,"wp_function":682},"header() [Header Injection]",49,"header",{"id":684,"type":568,"label":569,"file":291,"line":439},"n6",{"id":686,"type":572,"label":687,"file":291,"line":159,"wp_function":688},"n7","fopen() [File Access]","fopen",{"id":690,"type":568,"label":569,"file":291,"line":547},"n8",{"id":692,"type":596,"label":693,"file":291,"line":547},"n9","→ get_mimetype()",{"id":695,"type":572,"label":696,"file":169,"line":170,"wp_function":150},"n10","shell_exec() [RCE]",[698,699,700,701,702,703],{"from":567,"to":571,"sanitized":577},{"from":599,"to":624,"sanitized":577},{"from":626,"to":628,"sanitized":577},{"from":684,"to":686,"sanitized":577},{"from":690,"to":692,"sanitized":577},{"from":692,"to":695,"sanitized":577},{"summary":705,"deductions":706},"This plugin exhibits a significant security risk due to multiple alarming indicators from the static analysis. The absence of any authentication or capability checks on all identified entry points is a major concern, leaving the plugin vulnerable to unauthorized access and manipulation.  
The extensive use of dangerous functions such as shell_exec, exec, and unserialize, combined with a very low percentage of properly escaped output and a high number of file operations, suggests a high potential for remote code execution and other severe vulnerabilities.\n\nThe taint analysis reinforces these concerns: every analyzed flow contains an unsanitized path, and one flow is rated critical. This indicates that user-supplied input could reach sensitive operations unsanitized, which would make exploitation possible. The plugin's vulnerability history, including a known critical CVE for unrestricted file uploads, reinforces the pattern of severe security weaknesses. Although the plugin makes no outbound HTTP requests, its own entry points lack authentication and capability checks, so its internal code still presents a substantial risk.\n\nIn conclusion, the \"monsters-editor-10-for-wp-super-edit\" v1.1 plugin has a very poor security posture. The complete lack of input validation and authorization on its entry points, coupled with the presence of dangerous functions and a critical taint flow, makes it highly susceptible to exploitation. The critical vulnerability, which remains unpatched, also points to recurring security flaws. 
Although the plugin makes no outbound HTTP requests, its internal code weaknesses and lack of protective measures pose an immediate and significant threat.",[707,710,712,714,716,718,720,722,724],{"reason":708,"points":709},"Unpatched critical CVE present",20,{"reason":711,"points":288},"Critical severity taint flow",{"reason":713,"points":288},"All taint flows with unsanitized paths",{"reason":715,"points":56},"Zero nonce checks",{"reason":717,"points":56},"Zero capability checks",{"reason":719,"points":56},"High number of dangerous functions",{"reason":721,"points":382},"Low percentage of properly escaped output",{"reason":723,"points":376},"High number of file operations",{"reason":725,"points":376},"Low percentage of SQL using prepared statements","2026-03-16T22:21:36.207Z",{"wat":728,"direct":736},{"assetPaths":729,"generatorPatterns":732,"scriptPaths":733,"versionParams":735},[730,731,731,731,731,731,731,731],"\u002Fwp-content\u002Fplugins\u002Fmonsters-editor-10-for-wp-super-edit\u002Fmse\u002Ffckeditor\u002Feditor\u002Fdialog\u002Ffck_spellerpages\u002Fspellerpages\u002Fserver-scripts\u002Fspellerpages.php","\u002Fwp-content\u002Fplugins\u002Fmonsters-editor-10-for-wp-super-edit\u002Fmse\u002Ffckeditor\u002Feditor\u002Fdialog\u002Ffck_spellerpages\u002Fspellerpages\u002Fserver-scripts\u002Fspellchecker.php",[],[734],"\u002Fwp-content\u002Fplugins\u002Fmonsters-editor-10-for-wp-super-edit\u002Fmse\u002Ffckeditor\u002Feditor\u002Fdialog\u002Ffck_spellerpages\u002Fspellerpages\u002Fserver-scripts\u002FwordWindow.js",[],{"cssClasses":737,"htmlComments":739,"htmlAttributes":744,"restEndpoints":748,"jsGlobals":749,"shortcodeOutput":755},[738],"spellerStyle",[740,741,742,742,742,743]," by FredCK (for Windows)"," by FredCK (for Linux)"," by FredCK","by FredCK",[745,746,747],"wordWindowObj.originalSpellings","wordWindowObj.suggestions","wordWindowObj.textInputs",[],[750,751,752,753,754],"suggs","words","textinputs","error","wordWindowObj",[]]