[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiTgJ4GVZ6prmNkDWFe8525AMZC6f3k_52wJFpDFOZGM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":133,"fingerprints":230},"preserved-html-editor-markup-plus","Preserved HTML Editor Markup Plus","1.5.4","J-Ro","https:\u002F\u002Fprofiles.wordpress.org\u002Fj-ro\u002F","\u003Cp>This plugin preserves the user-generated HTML markup in the TinyMCE editor.  Unlike other plugins this one allows developers to work in the HTML tab AND end-users to work in the WYSIWYG Visual tab at the same time!  No longer will your HTML markup be completely munged into an unrecognizable form when you switch between those tabs.  And you don’t have to hang your users\u002Feditors out to dry when you hand off the project with a disabled Visual tab.\u003C\u002Fp>\n\u003Ch4>IMPORTANT: Please read the installation instructions carefully.  If you have existing content it will not render properly after activating this plugin until you use the Fix It Tools.\u003C\u002Fh4>\n\u003Cp>(One user didn’t read or follow these steps and panicked thinking I ruined their website.)\u003C\u002Fp>\n\u003Cp>It also supports HTML5 Block Anchor tags in addition to other HTML5 elements, something that is currently not supported in WordPress via any existing plugins.\u003C\u002Fp>\n","Preserves HTML and developer edits in HTML AND WYSIWYG tab.  Supports inline scripts\u002Fcss, JavaScript code blocks and HTML5 content editing",4000,49094,84,36,"2019-12-11T04:50:00.000Z","5.3.21","3.2.1","",[20,21,22,23,24],"editor","html","markup","white-space","wpautop","http:\u002F\u002Fwww.marcuspope.com\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserved-html-editor-markup-plus.1.5.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":13,"computed_at":37},"j-ro",3,4030,30,"2026-04-04T08:14:31.292Z",[39,55,77,98,118],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":17,"requires_php":18,"tags":53,"homepage":25,"download_link":54,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"preserved-html-editor-markup","Preserved HTML Editor Markup","1.5","MarcusPope","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcuspope\u002F","\u003Cp>This plugin preserves the user-generated HTML markup in the TinyMCE editor.  Unlike other plugins this one allows developers to work in the HTML tab AND end-users to work in the WYSIWYG Visual tab at the same time!  No longer will your HTML markup be completely munged into an unrecognizable form when you switch between those tabs.  And you don’t have to hang your users\u002Feditors out to dry when you hand off the project with a disabled Visual tab.\u003C\u002Fp>\n\u003Ch4>IMPORTANT: Please read the installation instructions carefully.  If you have existing content it will not render properly after activating this plugin until you use the Fix It Tools.\u003C\u002Fh4>\n\u003Cp>(One user didn’t read or follow these steps and panicked thinking I ruined their website.)\u003C\u002Fp>\n\u003Cp>It also supports HTML5 Block Anchor tags in addition to other HTML5 elements, something that is currently not supported in WordPress via any existing plugins.\u003C\u002Fp>\n\u003Cp>Version 1.5 will probably be the last version I release for a while since my daughter will be born soon.  I’ve added support for full JavaScript code blocks in the HTML tab.  They are compatible and preserved when switching to Visual mode.  This rounds out the support for almost complete html preservation, with full use of the WYSIWYG editor. And you don’t need to wrap comment codes around it per the recommendations located here: \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FUsing_Javascript\" rel=\"nofollow ugc\">https:\u002F\u002Fcodex.wordpress.org\u002FUsing_Javascript\u003C\u002Fa> but you can leave them in if you want.\u003C\u002Fp>\n\u003Cp>Version 1.4 was just a minor patch release.  User @denl noticed a problem with the plugin CataBlog which implements its own administrative management features by disabling the ‘show_ui’ flag for its custom post type.  I was ignoring any custom post type that didn’t have a GUI, but it was an unecessary filter that probably limited other plugins.  This fix allows any post type that supports the TinyMCE editor to be “fixed” using the tools under Admin > Settings > Writing.\u003C\u002Fp>\n\u003Cp>Since version 1.3 you can now use inline CSS and JavaScript in the HTML editor and everything should be preserved.  To be clear, this applies to tags only, like \u003Ccode>onclick\u003C\u002Fcode> events and style definitions – not script blocks themselves.  To enable this feature you must disable the \u003Ccode>wptexturize\u003C\u002Fcode> and \u003Ccode>convert_chars\u003C\u002Fcode> filters by adding the following code to your theme’s \u003Ccode>functions.php\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>remove_filter(\"the_content\", \"wptexturize\");\nremove_filter(\"the_content\", \"convert_chars\");\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This new feature is pretty experimental at the moment.  I tried to make it compatible with wptexturize but that proved close to impossible without duplicating a lot of core code in my plugin.  It’s also not compatible with TinyMCE Advanced when the “stop removing p and br tags” setting is enabled.\u003Cbr \u002F>\nI’ve tested it on a variety of code samples and I’m pleased with the results but if you find any content that isn’t preserved just open a support ticket and I should be able to fix it.\u003C\u002Fp>\n\u003Cp>Since version 1.2, you now have a little more control over how content is created.  And most of the previous caveats to using this plugin are now resolved.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>You can now choose whether to use BR tags OR P tags for newlines.  Even better you can use both, where one return key press injects a BR tag, and two return key presses will wrap a Paragraph tag.  This is great for being able to wrap headers at specific break points all while enjoying the semantic perks of paragraphs.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In addition to choosing what type of tags to use, you can also change the behavior depending on the type of post, including custom post types.  So Pages can default to BR tags, and Blog Posts can default to Paragraph tags.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If you have existing content that was created before activating this plugin, you can now use the Fixit feature to convert your existing content in a way that makes it render the same as before. Only use this feature (located under Admin > Settings > Writing: Fixing Existing Content) if you are installing this plugin for the first time, otherwise it will remove all of the formatted white space in your posts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Multi-line HTML comments are now supported (Thanks to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fcwlee_klagroup\" rel=\"ugc\">@cwlee_klagroup\u003C\u002Fa> for suggesting the working fix!)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The Format drop down in the TinyMCE editor had a bug which is now fixed.  It will now select “Format” if you place the cursor on a section of bare text.  Currently the editor just leaves the previously selected format option in place.  It’s minor but it’s good to know when you have bare text in your content.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>There was a fairly problematic bug in the old version where in some browsers you couldn’t change the formatting of a single line in the Visual editor if you started from scratch.  Choosing a different Format option would change the entire document, with the only work around being to edit the document in HTML mode.  That was bad, and somehow went unnoticed for far too long.  Anyway, that is fixed now.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The caveats that still remains are:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>With script blocks added to your HTML markup, the right arrow key does not pass over them in the Visual Tab.  You can down arrow over them however so this will likely never be addressed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If you use the Paragraph tag setting for newlines there is a minor bug where it will only wrap your content in Paragraph tags if you specify Paragraph in the Format drop down or if you enter more than one paragraph of text.  So if you just type one sentence and click save it will not wrap the content in Paragraph tags.  I tried to fix this but ran out of my allotted time working on other core issues.  Should be fixed in the next release.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For performance reasons, it will only preserve spaces if 4 spaces are used consecutively – i.e. an expanded tab in developer terms.  It will not preserve intra-tag white space like \u003Cp    >.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If you do add 4 or more spaces inside of an element tag it will corrupt the markup and mangle the output.  But as this is intended for developer edits, this should be an extreme rarity given the habit is virtually non-existent in development communities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>PRE tags are not affected and behave as you would expect, however due to how browsers parse tags, the first newline in the content of a PRE tag will be wiped out unless it is padded with either another new line or multiple spaces.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>CODE tags are not preserving white space at all, and when wrapped with PRE tags white space is still removed.  I’m working to resolve this problem.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Preserves white space and developer edits in HTML AND WYSIWYG tab.  Supports inline scripts\u002Fcss, JavaScript code blocks and HTML5 content editing",700,40027,100,42,"2017-11-28T19:36:00.000Z","3.4.2",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreserved-html-editor-markup.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":75,"download_link":76,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"toggle-wpautop","Toggle wpautop","1.3.0","Jonathan Desrosiers","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesrosj\u002F","\u003Cp>\u003Cstrong>Note: This plugin does not support the block editor but should continue to work without issue when using it with custom post types and the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-editor\u002F\" rel=\"ugc\">Classic Editor Plugin\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Before WordPress displays a post’s content, the content gets passed through multiple filters to ensure that it safely appears how you enter it within the editor.\u003C\u002Fp>\n\u003Cp>One of these filters is \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwpautop\" title=\"wpautop\" rel=\"nofollow ugc\">wpautop\u003C\u002Fa>, which replaces double line breaks with \u003Ccode>\u003Cp>\u003C\u002Fcode> tags, and single line breaks with \u003Ccode>\u003Cbr \u002F>\u003C\u002Fcode> tags. However, this filter sometimes causes issues when you are inputting a lot of HTML markup in the post editor.\u003C\u002Fp>\n\u003Cp>This plugin displays a checkbox in the publish meta box of the post edit screen that disables the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwpautop\" title=\"wpautop\" rel=\"nofollow ugc\">wpautop\u003C\u002Fa> filter for that post.\u003C\u002Fp>\n\u003Cp>Also adds a ‘wpautop’, or ‘no-wpautop’ class to the post_class filter to help with CSS styling.\u003C\u002Fp>\n","Easily disable the default wpautop filter on a post by post basis.",10000,108022,98,32,"2021-04-07T13:35:00.000Z","5.7.15","3.0","5.6",[20,72,73,74,24],"excerpt","formatting","post-content","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoggle-wpautop","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoggle-wpautop.1.3.0.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":49,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":18,"download_link":97,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cf7-ace-syntax-highlighting","Contact Form 7 Syntax Highlighting","0.2.4","Joris van Montfort","https:\u002F\u002Fprofiles.wordpress.org\u002Fjorisvanmontfort\u002F","\u003Cp>Are you using HTML code in your Contact Form 7 forms and email bodies? Ace syntax highlighting enhanches the Contact Form 7 backend and makes it easy to code HTML for complex forms.\u003C\u002Fp>\n","Adds syntax higlighting to the Contact Form 7 admin screens. Requires the Contact Form 7 plugin.",1000,7134,6,"2020-05-19T11:47:00.000Z","5.4.19","4.0.1",[92,93,94,95,96],"contact-form-7","contact-form-7-form-editor","contact-form-7-html-editor","form-textarea","html-editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-ace-syntax-highlighting.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":85,"downloaded":106,"rating":49,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":116,"download_link":117,"security_score":49,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"cf7-coder","HTML Editor for Contact Form 7","1.0.1","Wow-Company","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpcalc\u002F","\u003Cp>Contact Form 7 plugin allows editing forms with a standard textarea. This addon adds an HTML editor with code highlighter to each contact form and provides many useful options to enhance your forms.\u003C\u002Fp>\n\u003Ch4>Editor Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>HTML Editor\u003C\u002Fstrong> with syntax highlighting powered by CodeMirror\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dark Theme\u003C\u002Fstrong> (Material) support for comfortable editing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-close\u003C\u002Fstrong> brackets and tags\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code folding\u003C\u002Fstrong> and line numbers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Search and replace\u003C\u002Fstrong> functionality (Ctrl+F)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Form Behavior Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Test Mode\u003C\u002Fstrong> – Hide form from non-administrators for testing purposes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove Auto Tags\u003C\u002Fstrong> – Remove auto-added p and br tags from form output\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirect After Submit\u003C\u002Fstrong> – Redirect users to a custom URL after successful submission\n\u003Cul>\n\u003Cli>Support for ACF fields to get dynamic redirect URL from current page\u003C\u002Fli>\n\u003Cli>Option to open redirect URL in new tab\u003C\u002Fli>\n\u003Cli>Option to force file download\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide Form After Submit\u003C\u002Fstrong> – Hide the form and show only success message\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable Submit Button\u003C\u002Fstrong> – Prevent double submissions by disabling button during form submission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pre-fill Fields from URL\u003C\u002Fstrong> – Auto-fill form fields from URL parameters (e.g., ?your-email=test@example.com)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GA\u002FGTM Event\u003C\u002Fstrong> – Send custom event to Google Analytics\u002FGTM dataLayer on successful submission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scroll to Message\u003C\u002Fstrong> – Automatically scroll to success\u002Ferror message after form submission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-hide Success Message\u003C\u002Fstrong> – Automatically hide success message after specified seconds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove Refill\u003C\u002Fstrong> – Clear form fields after validation error\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Performance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Conditional Script Loading\u003C\u002Fstrong> – Load CF7 scripts and styles only on pages with contact form shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To improve the plugin’s functions and add new functions, write to us on the support \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcf7-coder\u002F\" rel=\"ugc\">forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Search for answers and ask your questions at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcf7-coder\u002F\" rel=\"ugc\">forum\u003C\u002Fa> or send requests on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwow-company\u002Fcf7-coder\u002Fissues\" rel=\"nofollow ugc\">github\u003C\u002Fa>.\u003C\u002Fp>\n","Add HTML editor to Contact Form 7 with code highlighter and extended form options.",10931,2,"2026-01-26T07:25:00.000Z","6.9.4","5.0","7.4",[113,114,92,96,115],"cf7","code-editor","redirect","https:\u002F\u002Fwordpress.org\u002Fcf7-coder","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-coder.1.0.1.zip",{"slug":119,"name":120,"version":69,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":86,"rating":49,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":110,"requires_php":18,"tags":129,"homepage":18,"download_link":131,"security_score":132,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"empty-p-tag","Empty P Tag","Husain Ahmed","https:\u002F\u002Fprofiles.wordpress.org\u002Fhusainahmedqureshi\u002F","\u003Cp>This plugin remove extra p and br tags from the_content, the_excerpt and widget_text_content.\u003C\u002Fp>\n","This plugin hides empty paragraphs and make your butyfull design without breaking design.",800,7,"2024-07-30T12:27:00.000Z","6.6.0",[20,72,130,73,24],"filter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fempty-p-tag.zip",92,{"attackSurface":134,"codeSignals":174,"taintFlows":194,"riskAssessment":221,"analyzedAt":229},{"hooks":135,"ajaxHandlers":165,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":140,"unprotectedCount":28},[136,143,147,151,155,159,162],{"type":137,"name":138,"callback":139,"priority":140,"file":141,"line":142},"action","plugins_loaded","init",1,"preserved_markup_plus.php",27,{"type":130,"name":144,"callback":145,"file":141,"line":146},"the_content","better_wptexturize",46,{"type":130,"name":148,"callback":149,"file":141,"line":150},"tiny_mce_before_init","init_tiny_mce",302,{"type":130,"name":152,"callback":153,"priority":140,"file":141,"line":154},"the_editor","fix_editor_content",322,{"type":130,"name":156,"callback":157,"priority":140,"file":141,"line":158},"wp_insert_post_data","fix_post_content",334,{"type":137,"name":139,"callback":160,"file":141,"line":161},"remove_evil",343,{"type":137,"name":163,"callback":163,"file":141,"line":164},"admin_init",348,[166],{"action":167,"nopriv":168,"callback":169,"hasNonce":170,"hasCapCheck":168,"file":141,"line":66},"emc2pm_fix_posts",false,"fix_database_content",true,[],[],[],{"dangerousFunctions":175,"sqlUsage":176,"outputEscaping":179,"fileOperations":28,"externalRequests":28,"nonceChecks":140,"capabilityChecks":28,"bundledLibraries":193},[],{"prepared":177,"raw":28,"locations":178},4,[],{"escaped":140,"rawEcho":126,"locations":180},[181,184,186,187,189,190,192],{"file":141,"line":182,"context":183},430,"raw output",{"file":141,"line":185,"context":183},442,{"file":141,"line":185,"context":183},{"file":141,"line":188,"context":183},443,{"file":141,"line":188,"context":183},{"file":141,"line":191,"context":183},444,{"file":141,"line":191,"context":183},[],[195,213],{"entryPoint":196,"graph":197,"unsanitizedCount":28,"severity":212},"fix_database_content (preserved_markup_plus.php:234)",{"nodes":198,"edges":210},[199,204],{"id":200,"type":201,"label":202,"file":141,"line":203},"n0","source","$_GET['post_type']",253,{"id":205,"type":206,"label":207,"file":141,"line":208,"wp_function":209},"n1","sink","get_results() [SQLi]",251,"get_results",[211],{"from":200,"to":205,"sanitized":170},"low",{"entryPoint":214,"graph":215,"unsanitizedCount":28,"severity":212},"\u003Cpreserved_markup_plus> (preserved_markup_plus.php:0)",{"nodes":216,"edges":219},[217,218],{"id":200,"type":201,"label":202,"file":141,"line":203},{"id":205,"type":206,"label":207,"file":141,"line":208,"wp_function":209},[220],{"from":200,"to":205,"sanitized":170},{"summary":222,"deductions":223},"The 'preserved-html-editor-markup-plus' plugin version 1.5.4 exhibits a generally good security posture based on the static analysis provided.  The absence of any known CVEs and a clean vulnerability history are significant strengths. The code also demonstrates good practices with all SQL queries utilizing prepared statements and a nonce check present.  However, there are areas for improvement. The low percentage of properly escaped output (13%) indicates a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is displayed without adequate sanitization. Additionally, the lack of capability checks on the single AJAX handler is a concern, as it means any authenticated user could potentially trigger its functionality, regardless of their role or permissions. The absence of critical taint flows and dangerous functions is positive, suggesting that while output escaping is weak, the plugin doesn't appear to be directly handling sensitive data in a highly insecure manner or executing dangerous operations.",[224,226],{"reason":225,"points":87},"Low output escaping percentage",{"reason":227,"points":228},"AJAX handler without capability checks",5,"2026-03-16T18:17:08.754Z",{"wat":231,"direct":240},{"assetPaths":232,"generatorPatterns":235,"scriptPaths":236,"versionParams":237},[233,234],"\u002Fwp-content\u002Fplugins\u002Fpreserved-html-editor-markup-plus\u002Fcss\u002Fpreserved_markup_plus.css","\u002Fwp-content\u002Fplugins\u002Fpreserved-html-editor-markup-plus\u002Fjs\u002Fpreserved_markup_plus.js",[],[234],[238,239],"preserved-html-editor-markup-plus\u002Fcss\u002Fpreserved_markup_plus.css?ver=","preserved-html-editor-markup-plus\u002Fjs\u002Fpreserved_markup_plus.js?ver=",{"cssClasses":241,"htmlComments":242,"htmlAttributes":244,"restEndpoints":246,"jsGlobals":247,"shortcodeOutput":249},[],[243],"\u003C!-- Preserve whitespace within this comment block -->",[245],"data-editor_insert_p",[],[248],"emc2_tinymce_init",[]]