Papr Editor Security & Risk Analysis

wordpress.org/plugins/papr-editor

A calm, distraction-free writing editor for WordPress.

0 active installs · v0.0.5 · PHP 7.4+ · WP 6.0+ · Updated Feb 6, 2026
Tags: distraction-free, editor, posts, productivity, writing
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Papr Editor Safe to Use in 2026?

Generally Safe

Score 100/100

Papr Editor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The papr-editor plugin v0.0.5 presents a significant security risk due to a completely unprotected attack surface. All 9 identified entry points, including AJAX handlers and REST API routes, lack any form of authentication or permission checks. This means any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or information disclosure. While the code exhibits strong practices in other areas, such as 100% properly escaped output and the absence of dangerous functions or raw SQL queries, the lack of authentication on all entry points is a critical oversight that overshadows these strengths. The plugin's vulnerability history is clean, with no recorded CVEs, which suggests a lack of past exploitation or a very new plugin. However, the current state of the code, with its entirely exposed endpoints, makes it a prime target for immediate security attention despite the lack of historical vulnerabilities.

Key Concerns

  • All AJAX handlers lack auth checks
  • All REST API routes lack permission callbacks
  • Large attack surface without auth
Vulnerabilities
None known

Papr Editor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Papr Editor Release Timeline

v0.0.5 (Current)
v0.0.4
v0.0.3
v0.0.2
Code Analysis
Analyzed Apr 16, 2026

Papr Editor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (33 escaped)
Nonce Checks: 3
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 33 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
handle_callback (papr-editor.php:183)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
9 unprotected

Papr Editor Attack Surface

Entry Points: 9
Unprotected: 9

AJAX Handlers 1

auth wp_ajax_papr_dismiss_onboarding (papr-editor.php:47)

REST API Routes 8

GET /wp-json/papr/v1/post/(?P<id>\d+) (papr-editor.php:310)
POST /wp-json/papr/v1/post/(?P<id>\d+) (papr-editor.php:320)
POST /wp-json/papr/v1/post (papr-editor.php:330)
GET /wp-json/papr/v1/posts (papr-editor.php:340)
POST /wp-json/papr/v1/post/(?P<id>\d+)/status (papr-editor.php:350)
DELETE /wp-json/papr/v1/post/(?P<id>\d+) (papr-editor.php:360)
POST /wp-json/papr/v1/disconnect (papr-editor.php:370)
POST /wp-json/papr/v1/media (papr-editor.php:380)

WordPress Hooks 14

filter allowed_redirect_hosts (papr-editor.php:32)
action admin_menu (papr-editor.php:33)
action admin_enqueue_scripts (papr-editor.php:34)
action admin_post_papr_connect (papr-editor.php:35)
action admin_post_papr_disconnect (papr-editor.php:36)
action admin_init (papr-editor.php:37)
filter post_row_actions (papr-editor.php:38)
filter page_row_actions (papr-editor.php:39)
action rest_api_init (papr-editor.php:40)
action rest_api_init (papr-editor.php:41)
filter rest_pre_dispatch (papr-editor.php:42)
filter cron_schedules (papr-editor.php:44)
action init (papr-editor.php:46)
filter rest_pre_serve_request (papr-editor.php:275)
Maintenance & Trust

Papr Editor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 6, 2026
PHP min version: 7.4
Downloads: 224

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Papr Editor Developer Profile

Tangible Design

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Papr Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/papr-editor/assets/papr-admin.css
Version Parameters
papr-admin.css?ver=0.0.1

HTML / DOM Fingerprints

REST Endpoints
/wp-json/papr/v1/