[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqdC8TAiayG1uTmojOizBca7s4TCapZg6vYOrFOwTXO0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":11,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":134,"fingerprints":201},"remove-layout-destroying-html-tags","Remove layout destroying HTML-Tags","0.4.2","Stefano Picco","https:\u002F\u002Fprofiles.wordpress.org\u002Fspicone\u002F","\u003Cp>\u003Cstrong>Copy&Paste Cleaner\u003C\u002Fstrong>. If you want to quickly fill a post or a page with content that already exists, \u003Cstrong>copy&paste\u003C\u002Fstrong> is often used and it can destroy the layout of a website!\u003C\u002Fp>\n\u003Cp>The basic problem is that if you copy&paste content from different sources into the visual editor, any formatting is copied over. Specifically, whether from \u003Cstrong>text documents\u003C\u002Fstrong>, other \u003Cstrong>websites\u003C\u002Fstrong>, \u003Cstrong>online-shops\u003C\u002Fstrong> and \u003Cstrong>cms\u003C\u002Fstrong> or even from \u003Cstrong>social media\u003C\u002Fstrong>, something comes along everywhere.\u003C\u002Fp>\n\u003Cp>As there are often \u003Cstrong>DIVs\u003C\u002Fstrong> in addition to harmless HTML elements, these can cause the rendering of your own website to be faulty or interrupted.\u003C\u002Fp>\n\u003Cp>To avoid this, this plugin checks the existing formatting and attributes and removes all those that could lead to a problem and then saves it directly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you copy and paste into the text editor, there is usually no problem.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Tested with these page builders:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Classic editor\u003C\u002Fli>\n\u003Cli>Gutenberg\u003C\u002Fli>\n\u003Cli>Divi 4.27\u003C\u002Fli>\n\u003Cli>Elementor 3.33\u003C\u002Fli>\n\u003Cli>WPBakery 8.7\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy GDPR\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin processes the analyzed and converted HTML only within the respective website. No content is stored or transferred to other servers or services for processing. Data protection in accordance with the GDPR is therefore guaranteed at all times.\u003C\u002Fp>\n","Copy&Paste Cleaner. Cleanup the code in post and page editor after using copy&paste content from different sources and automatic saving.",100,1824,1,"2025-12-03T11:51:00.000Z","6.9.4","6.7","7.4",[19,20,21,22,23],"cleanup","html","safe","secure","wysiwyg","https:\u002F\u002Fspic.wordpress.com\u002F2025\u002F02\u002F27\u002Fsimples-plugin-um-das-copypaste-risiko-in-wordpress-zu-minimieren\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-layout-destroying-html-tags.0.4.2.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":11,"avg_security_score":11,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"spicone",30,94,"2026-04-04T12:15:09.173Z",[36,56,80,97,116],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":11,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":53,"download_link":54,"security_score":55,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"clean-html","Cleanup HTML","1.1","closemarketing","https:\u002F\u002Fprofiles.wordpress.org\u002Fclosemarketing\u002F","\u003Cp>Adds a button to your classic editor visual toolbar that when clicked strips all \u003Ccode>div\u003C\u002Fcode>, ‘table’, \u003Ccode>span\u003C\u002Fcode> tags from your post HTML code — those are usually junk tags. The stripping includes any tag attributes.\u003C\u002Fp>\n","Adds a button to your classic editor visual toolbar that when clicked strips all div, 'table', span tags from your post HTML code -- those a &hellip;",4000,8228,4,"2020-11-30T08:11:00.000Z","5.6.17","3.0","",[37,20,52,23],"tinymce","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclean-html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclean-html.1.1.zip",85,{"slug":57,"name":58,"version":59,"author":57,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":50,"tags":70,"homepage":75,"download_link":76,"security_score":77,"vuln_count":78,"unpatched_count":78,"last_vuln_date":79,"fetched_at":28},"richtexteditor","Rich Text Editor","1.0.1","https:\u002F\u002Fprofiles.wordpress.org\u002Frichtexteditor\u002F","\u003Cp>Rich Text Editor for WordPress [Rich Text Editor for WordPress](http:\u002F\u002Fphphtmleditor.com\u002Fwordpress\u002F “Rich Text Editor for WordPress”1) is by far the fastest, cleanest, most powerful online wysiwyg content editor. It replaces default WordPress wysiwyg(what you see is what you get) editor with a more advanced wysiwyg editor.\u003C\u002Fp>\n\u003Ch4>Some of the features added by this plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Support for creating and editing tables.\u003C\u002Fli>\n\u003Cli>More options when inserting lists.\u003C\u002Fli>\n\u003Cli>Search and Replace in the editor.\u003C\u002Fli>\n\u003Cli>Ability to set Font Family and Font Size.\u003C\u002Fli>\n\u003Cli>And many others.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Rich Text Editor toolbar is completely configurable and it is also effortless to implement. This Advanced WordPress Editor plug-in is compatible with the WordPress v. 3.0+.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>#1 cross-browser support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Most available RTEs fail to support the full spectrum of A-Grade web browsers. Following 9 year old tradition of industry #1 cross-browser support, Rich Text Editor for WordPress continues to offer even better quality and compatibility by supporting all major browsers: IE 6.0+, Firefox 2.0+, Mozilla 1.3+, Netscape 7+, Safari (1.3+), Opera 9.0, IE 9 and Chrome.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cleanest html code\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Most WYSIWYG editors are just JavaScript wrappers around the editing control built into browsers such as MSHTML control found in IE. They generate bad markups and then run code clean-up routines against it. By contrast, Rich Text Editor for WordPress is built from the ground up to be a true XHTML editor in its own right.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Extremely small and fast\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Most feature-rich WYSIWYG editors suffer long loading times due to large javascript files. Rich Text Editor for WordPress only loads the necessaery scripts to client browsers. Numerous optimization methods have been applied. It’s clean, compact, extremely fast-loading, but still powerful and efficient.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Insert clean HTML from Microsoft Word\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>High Reliability, Scalability and High Load Support\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When text is pasted from Microsoft Word a lot of unnecessary word specific markup is carried across. This can result in web pages that take an unnecessarily long time to download. The Paste from Word button solves this by removing word markup before pasting the text into your page\u003C\u002Fp>\n\u003Cp>Try Demo now! \u003Ca href=\"http:\u002F\u002Fphphtmleditor.com\u002Fdemo\u002F\" title=\"RTE DEMO\" rel=\"nofollow ugc\">RTE DEMO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Take a tour to see why you need RichTextEditor on your website: http:\u002F\u002Fphphtmleditor.com\u002Fscreenshots.html\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>http:\u002F\u002Fphphtmleditor.com\u002Fscreenshots.html\u003C\u002Fp>\n","This plugin integrates your Wordpress with RichTextEditor - the most powerful online wysiwyg content editor.",60,74079,64,22,"2016-12-31T04:52:00.000Z","4.7.32","4.0",[71,72,73,57,74],"php-editor","php-html-editor","rich-text-editor","wysiwyg-editor","http:\u002F\u002Fphphtmleditor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frichtexteditor.zip",43,2,"2025-04-02 00:00:00",{"slug":81,"name":82,"version":39,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":26,"num_ratings":26,"last_updated":89,"tested_up_to":90,"requires_at_least":49,"requires_php":50,"tags":91,"homepage":95,"download_link":96,"security_score":55,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"html-regex-replace","HTML Regex Replace","Nick Lugovskoy","https:\u002F\u002Fprofiles.wordpress.org\u002Flugovskoy\u002F","\u003Cp>\u003Cstrong>HTML Regex Replace\u003C\u002Fstrong> use find&replace mechanism based on regexp\u003Cbr \u002F>\nfor your posts\u002Fpages. Plugin \u003Cem>finds\u003C\u002Fem> html or text \u003Cem>using regular\u003Cbr \u002F>\nexpressions\u003C\u002Fem> and replaces it with predefined \u003Cem>‘New string’\u003C\u002Fem>.\u003Cbr \u002F>\nUnlimited replacement rules. You can specify any amount of short codes, and no buttons!\u003C\u002Fp>\n\u003Cp>For example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(c) -> Copyright\n[me] -> My Full Name\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Short code ‘(c)’ will be replaced with ‘Copyright’ and ‘[me]’ with ‘My Full Name’.\u003C\u002Fp>\n\u003Cp>More than that you can fix html code or remove unwanted automatically inserted html\u003Cbr \u002F>\n(for example, chrome-auto-translate-plugin-dialog inserted by Auto-Translate\u003Cbr \u002F>\nchrome plugin).\u003C\u002Fp>\n\u003Ch4>Support Forum\u003C\u002Fh4>\n\u003Cp>Please use plugin support blog \u003Ca href=\"http:\u002F\u002Fwp-regrep.blogspot.com\u002F\" title=\"HTML Regex Replace blog\" rel=\"nofollow ugc\">HERE\u003C\u002Fa>\u003Cbr \u002F>\nfor help.\u003C\u002Fp>\n","Replace any html you write in editor (Visual or HTML) with pre-defined string. Use Regexp to define patterns for replacement.",10,4622,"2012-01-19T12:43:00.000Z","3.3.2",[20,92,93,94,23],"regex","regexp","replace","http:\u002F\u002Fwp-regrep.blogspot.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-regex-replace.1.1.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":87,"downloaded":105,"rating":11,"num_ratings":78,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":50,"tags":109,"homepage":114,"download_link":115,"security_score":55,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"secure-login","Secure Login","1.0.4","David Leonard","https:\u002F\u002Fprofiles.wordpress.org\u002Fd4v1d\u002F","\u003Cp>Secure your WordPress site with WordPress Secure Login.\u003C\u002Fp>\n\u003Cp>WordPress Secure Login provides 2-step verification on login. Once a user submits their login credentials, a One Time Pin (OTP) is emailed to them. They need to enter this OTP in order to continue to login.\u003C\u002Fp>\n\u003Cp>Stop Brute force hacking attempts, and keep your data safe!\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* Easy to install!\n* Easy to replace the Email system with an SMS Gateway\n* WordPress 4.0 Ready!\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Secure, 2 step Verification for WordPress login, via One Time Pin (OTP).",3222,"2014-12-20T12:12:00.000Z","4.1.42","3.9",[110,111,112,22,113],"2-step","login","safety","verification","http:\u002F\u002Frockingthemes.com\u002Fwordpress-plugins\u002Fsecure-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-login.1.0.4.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":87,"downloaded":124,"rating":11,"num_ratings":78,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":50,"tags":128,"homepage":132,"download_link":133,"security_score":55,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"smart-editor","Smart Editor","0.8.2","wadadanet","https:\u002F\u002Fprofiles.wordpress.org\u002Fwadadanet\u002F","\u003Cp>WYSIWYG(What You See Is What You Get.) HTML5 Editor.\u003Cbr \u002F>\nPlugin which edits a Page directly from a preview screen.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FVVfohIyBaww?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.coffee-break-designs.com\u002Fplugin\u002Fword-press\u002Fsmart-editor\u002F\" title=\"Official site\" rel=\"nofollow ugc\">official site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>日本語:\u003Cbr \u002F>\n本当のWYSIWYGエディターです。\u003Cbr \u002F>\nだって、プレビュー画面で編集しているんだもん。\u003Cbr \u002F>\n詳しくは\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.coffee-break-designs.com\u002Fplugin\u002Fword-press\u002Fsmart-editor\u002F\" title=\"Official site\" rel=\"nofollow ugc\">official site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Since there is no contribution, it cannot develop at all. (TT)\u003C\u002Fp>\n","WYSIWYG(What You See Is What You Get.) HTML5 Editor,",3399,"2014-03-05T06:07:00.000Z","3.7.41","3.6",[129,130,131,23],"editor","html5","preview","http:\u002F\u002Fwww.coffee-break-designs.com\u002Fplugin\u002Fword-press\u002Fsmart-editor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-editor.zip",{"attackSurface":135,"codeSignals":180,"taintFlows":194,"riskAssessment":195,"analyzedAt":200},{"hooks":136,"ajaxHandlers":170,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":13,"unprotectedCount":26},[137,143,148,154,158,162,166],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","elementor\u002Feditor\u002Ffooter","rldht_add_elementor_cleanup_button","inc\\rldht_inc_elementor.php",16,{"type":138,"name":144,"callback":145,"file":146,"line":147},"init","rldht_custom_vc_tinymce_support","inc\\rldht_inc_wpbakery.php",11,{"type":149,"name":150,"callback":151,"file":152,"line":153},"filter","mce_buttons","rldht_add_tinymce_button","remove-layout-destroying-html-tags.php",132,{"type":149,"name":155,"callback":156,"file":152,"line":157},"mce_external_plugins","rldht_add_tinymce_plugin",139,{"type":138,"name":159,"callback":160,"file":152,"line":161},"admin_init","rldht_register_ajax_handlers",145,{"type":138,"name":163,"callback":164,"priority":13,"file":152,"line":165},"enqueue_block_editor_assets","rldht_enqueue_block_editor_assets",238,{"type":138,"name":167,"callback":168,"file":152,"line":169},"admin_enqueue_scripts","rldht_enqueue_admin_scripts",265,[171],{"action":172,"nopriv":173,"callback":174,"hasNonce":175,"hasCapCheck":173,"file":152,"line":176},"rldht_cleanup_content",false,"rldht_cleanup_content_ajax_handler",true,142,[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":184,"fileOperations":26,"externalRequests":26,"nonceChecks":13,"capabilityChecks":26,"bundledLibraries":190},[],{"prepared":26,"raw":26,"locations":183},[],{"escaped":185,"rawEcho":13,"locations":186},17,[187],{"file":141,"line":188,"context":189},69,"raw output",[191],{"name":192,"version":27,"knownCves":193},"TinyMCE",[],[],{"summary":196,"deductions":197},"The 'remove-layout-destroying-html-tags' plugin v0.4.2 exhibits a generally strong security posture based on the provided static analysis. The plugin avoids dangerous functions, all SQL queries are properly prepared, and the vast majority of output is correctly escaped. Furthermore, there are no recorded vulnerabilities (CVEs) for this plugin, and the taint analysis revealed no problematic data flows. The presence of a nonce check on its single AJAX handler is a positive indicator of security awareness.\n\nHowever, a notable concern arises from the complete absence of capability checks on its AJAX handler. While it has a nonce check, which prevents cross-site request forgery, it does not verify if the logged-in user has the necessary permissions to execute the AJAX action. This could potentially allow any authenticated user, regardless of their role, to trigger the plugin's functionality, which might be undesirable or lead to unexpected consequences if the AJAX action has side effects. The plugin also bundles TinyMCE, and while no specific issues are flagged here, relying on bundled libraries can sometimes introduce risks if they are outdated or have their own vulnerabilities that are not addressed.\n\nIn conclusion, the plugin demonstrates good practices in several critical areas like SQL and output sanitization and boasts a clean vulnerability history. The primary weakness lies in the lack of capability checks for its AJAX endpoint. Addressing this would significantly bolster its security. The absence of other common vulnerabilities suggests a well-developed plugin, but the permission handling on the AJAX endpoint is a key area for improvement.",[198],{"reason":199,"points":87},"Missing capability check on AJAX handler","2026-03-16T21:07:51.262Z",{"wat":202,"direct":210},{"assetPaths":203,"generatorPatterns":207,"scriptPaths":208,"versionParams":209},[204,205,206],"\u002Fwp-content\u002Fplugins\u002Fremove-layout-destroying-html-tags\u002Fjs\u002Frldht_tinymce-cleanup-button.js","\u002Fwp-content\u002Fplugins\u002Fremove-layout-destroying-html-tags\u002Fjs\u002Frldht_gutenberg-block.js","\u002Fwp-content\u002Fplugins\u002Fremove-layout-destroying-html-tags\u002Fimages\u002Frldht_icon.svg",[],[],[],{"cssClasses":211,"htmlComments":212,"htmlAttributes":213,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":220},[],[],[214,215,216],"data-rldht-nonce","data-rldht-ajaxurl","data-rldht-iconurl",[],[219],"window.rldht_vars",[]]