WP-Safety

Paste as Plain Text Security & Risk Analysis

wordpress.org/plugins/paste-as-plain-text

Forces the WordPress editor to paste everything as plain text.

1K active installs v1.0.1 PHP + WP 3.2+ Updated Nov 9, 2017
editorpasteplain-textplaintexttinymce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Paste as Plain Text Safe to Use in 2026?

Generally Safe

Score 85/100

Paste as Plain Text has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The paste-as-plain-text plugin version 1.0.1 exhibits a strong security posture based on the provided static analysis. There are no identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events that could be directly exploited. Furthermore, the code demonstrates excellent security practices by not using dangerous functions, all SQL queries are prepared statements, and all output is properly escaped. The absence of file operations, external HTTP requests, and the lack of critical taint analysis findings further reinforce this positive assessment. The plugin also has no recorded vulnerabilities, indicating a history of security awareness and maintenance.

Vulnerabilities
None known

Paste as Plain Text Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Paste as Plain Text Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

Paste as Plain Text Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionadmin_initpaste-as-plain-text.php:37
filtertiny_mce_before_initpaste-as-plain-text.php:43
filterteeny_mce_before_initpaste-as-plain-text.php:44
filterteeny_mce_pluginspaste-as-plain-text.php:45
filtermce_buttons_2paste-as-plain-text.php:46
Maintenance & Trust

Paste as Plain Text Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedNov 9, 2017
PHP min version
Downloads14K

Community Trust

Rating98/100
Number of ratings14
Active installs1K
Alternatives

Paste as Plain Text Alternatives

Paste As Plain Text By Default

Paste As Plain Text By Default

paste-as-plain-text-by-default

A
100

Enable paste as text by default with one click in editors like Classic Editor, Divi, Elementor, Beaver Builder and WPBakery.

1K No CVEs
TinyMCE Paste in Plain Text by Default

TinyMCE Paste in Plain Text by Default

tinymce-paste-in-plain-text-by-default

A
85

Changes the default behavior on TinyMCE so that all text is pasted plain by default.

90 No CVEs
Black Studio TinyMCE Widget

Black Studio TinyMCE Widget

black-studio-tinymce-widget

A
100

The visual editor widget for WordPress.

200K No CVEs
AddQuicktag

AddQuicktag

addquicktag

A
85

This plugin makes it easy to add Quicktags to the html - and visual-editor.

100K No CVEs
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor

post-and-page-builder

A
95

Post and Page Builder is a standalone plugin which adds functionality to the existing TinyMCE Editor.

60K 10 CVEs
Developer Profile

Paste as Plain Text Developer Profile

Till Krüss

5 plugins · 411K total installs

82
trust score
Avg Security Score
91/100
Avg Patch Time
33 days
View full developer profile
Detection Fingerprints

How We Detect Paste as Plain Text

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Paste as Plain Text