Preserved HTML Editor Markup Plus Security & Risk Analysis

wordpress.org/plugins/preserved-html-editor-markup-plus

Preserves HTML and developer edits in HTML AND WYSIWYG tab. Supports inline scripts/css, JavaScript code blocks and HTML5 content editing

4K active installs · v1.5.4 · PHP + · WP 3.2.1+ · Updated Dec 11, 2019
editor, html, markup, white-space, wpautop
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Preserved HTML Editor Markup Plus Safe to Use in 2026?

Generally Safe

Score 85/100

Preserved HTML Editor Markup Plus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The 'preserved-html-editor-markup-plus' plugin version 1.5.4 exhibits a generally good security posture based on the static analysis provided. The absence of any known CVEs and a clean vulnerability history are significant strengths. The code also demonstrates good practices with all SQL queries utilizing prepared statements and a nonce check present. However, there are areas for improvement. The low percentage of properly escaped output (13%) indicates a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is displayed without adequate sanitization. Additionally, the lack of capability checks on the single AJAX handler is a concern, as it means any authenticated user could potentially trigger its functionality, regardless of their role or permissions. The absence of critical taint flows and dangerous functions is positive, suggesting that while output escaping is weak, the plugin doesn't appear to be directly handling sensitive data in a highly insecure manner or executing dangerous operations.

Key Concerns

  • Low output escaping percentage
  • AJAX handler without capability checks
Vulnerabilities
None known

Preserved HTML Editor Markup Plus Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Preserved HTML Editor Markup Plus Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 7 (1 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

13% escaped · 8 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
fix_database_content (preserved_markup_plus.php:234)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Preserved HTML Editor Markup Plus Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_emc2pm_fix_posts · preserved_markup_plus.php:32

WordPress Hooks 7

action · plugins_loaded · preserved_markup_plus.php:27
filter · the_content · preserved_markup_plus.php:46
filter · tiny_mce_before_init · preserved_markup_plus.php:302
filter · the_editor · preserved_markup_plus.php:322
filter · wp_insert_post_data · preserved_markup_plus.php:334
action · init · preserved_markup_plus.php:343
action · admin_init · preserved_markup_plus.php:348
Maintenance & Trust

Preserved HTML Editor Markup Plus Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Dec 11, 2019
PHP min version
Downloads: 49K

Community Trust

Rating: 84/100
Number of ratings: 36
Active installs: 4K
Developer Profile

Preserved HTML Editor Markup Plus Developer Profile

J-Ro

3 plugins · 4K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Preserved HTML Editor Markup Plus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/preserved-html-editor-markup-plus/css/preserved_markup_plus.css
/wp-content/plugins/preserved-html-editor-markup-plus/js/preserved_markup_plus.js
Script Paths
/wp-content/plugins/preserved-html-editor-markup-plus/js/preserved_markup_plus.js
Version Parameters
preserved-html-editor-markup-plus/css/preserved_markup_plus.css?ver=
preserved-html-editor-markup-plus/js/preserved_markup_plus.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Preserve whitespace within this comment block -->
Data Attributes
data-editor_insert_p
JS Globals
emc2_tinymce_init