[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsJzZXL6eDUklQGRxYVqoxFHQaxuACH9NlROH0xtrhaE":3},{"slug":4,"name":5,"version":6,"author":4,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":56,"crawl_stats":35,"alternatives":61,"analysis":163,"fingerprints":371},"richtexteditor","Rich Text Editor","1.0.1","https:\u002F\u002Fprofiles.wordpress.org\u002Frichtexteditor\u002F","\u003Cp>Rich Text Editor for WordPress (http:\u002F\u002Fphphtmleditor.com\u002Fwordpress\u002F) is by far the fastest, cleanest, most powerful online WYSIWYG content editor. It replaces the default WordPress WYSIWYG (what you see is what you get) editor with a more advanced WYSIWYG editor.\u003C\u002Fp>\n\u003Ch4>Some of the features added by this plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Support for creating and editing tables.\u003C\u002Fli>\n\u003Cli>More options when inserting lists.\u003C\u002Fli>\n\u003Cli>Search and Replace in the editor.\u003C\u002Fli>\n\u003Cli>Ability to set Font Family and Font Size.\u003C\u002Fli>\n\u003Cli>And many others.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Rich Text Editor toolbar is completely configurable and it is also effortless to implement. This Advanced WordPress Editor plug-in is compatible with WordPress v. 3.0+.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>#1 cross-browser support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Most available RTEs fail to support the full spectrum of A-Grade web browsers. 
Following a 9-year-old tradition of industry #1 cross-browser support, Rich Text Editor for WordPress continues to offer even better quality and compatibility by supporting all major browsers: IE 6.0+, Firefox 2.0+, Mozilla 1.3+, Netscape 7+, Safari (1.3+), Opera 9.0, IE 9 and Chrome.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cleanest html code\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Most WYSIWYG editors are just JavaScript wrappers around the editing control built into browsers such as MSHTML control found in IE. They generate bad markup and then run code clean-up routines against it. By contrast, Rich Text Editor for WordPress is built from the ground up to be a true XHTML editor in its own right.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Extremely small and fast\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Most feature-rich WYSIWYG editors suffer long loading times due to large JavaScript files. Rich Text Editor for WordPress only loads the necessary scripts to client browsers. Numerous optimization methods have been applied. It’s clean, compact, extremely fast-loading, but still powerful and efficient.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Insert clean HTML from Microsoft Word\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>High Reliability, Scalability and High Load Support\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When text is pasted from Microsoft Word a lot of unnecessary Word-specific markup is carried across. This can result in web pages that take an unnecessarily long time to download. The Paste from Word button solves this by removing Word markup before pasting the text into your page.\u003C\u002Fp>\n\u003Cp>Try Demo now! 
\u003Ca href=\"http:\u002F\u002Fphphtmleditor.com\u002Fdemo\u002F\" title=\"RTE DEMO\" rel=\"nofollow ugc\">RTE DEMO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Take a tour to see why you need RichTextEditor on your website: http:\u002F\u002Fphphtmleditor.com\u002Fscreenshots.html\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>http:\u002F\u002Fphphtmleditor.com\u002Fscreenshots.html\u003C\u002Fp>\n","This plugin integrates your Wordpress with RichTextEditor - the most powerful online wysiwyg content editor.",60,74079,64,22,"2016-12-31T04:52:00.000Z","4.7.32","4.0","",[19,20,21,4,22],"php-editor","php-html-editor","rich-text-editor","wysiwyg-editor","http:\u002F\u002Fphphtmleditor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frichtexteditor.zip",43,2,"2025-04-02 00:00:00","2026-03-15T15:16:48.613Z",[30,44],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-31736","rich-text-editor-missing-authorization","Rich Text Editor \u003C= 1.0.1 - Missing Authorization","The Rich Text Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.1. 
This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=1.0.1","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-04-08 15:15:13",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F561c6906-1db0-49de-b291-b0eef4a62b98?source=api-prod",{"id":45,"url_slug":46,"title":47,"description":48,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":49,"cvss_vector":50,"vuln_type":51,"published_date":52,"updated_date":53,"references":54,"days_to_patch":35},"CVE-2025-31623","rich-text-editor-cross-site-request-forgery-to-stored-cross-site-scripting","Rich Text Editor \u003C= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The Rich Text Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-03-31 00:00:00","2025-04-08 15:15:47",[55],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faf99651a-2975-4985-a7de-bdd8ab0d92d0?source=api-prod",{"slug":4,"display_name":4,"profile_url":7,"plugin_count":57,"total_installs":10,"avg_security_score":25,"avg_patch_time_days":58,"trust_score":59,"computed_at":60},1,30,54,"2026-04-04T05:51:02.937Z",[62,86,105,125,145],{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":17,"requires_php":76,"tags":77,"homepage":82,"download_link":83,"security_score":84,"vuln_count":85,"unpatched_count":85,"last_vuln_date":35,"fetched_at":28},"code-manager","Code Manager","1.0.45","Passionate Programmer Peter","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeterschulznl\u002F","\u003Cp>The Code Manager allows WordPress users to write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Code Management\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List, edit, delete, copy, import and export code\u003C\u002Fli>\n\u003Cli>Open multiple code editors simultaneously in tab mode\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable code\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable preview mode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode (FREE)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP code blocks from a shortcode\u003C\u002Fli>\n\u003Cli>JavaScript code blocks from a 
shortcode\u003C\u002Fli>\n\u003Cli>CSS from a shortcode\u003C\u002Fli>\n\u003Cli>HTML blocks from a shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced code (PREMIUM)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP server code – no more need to edit functions.php\u003C\u002Fli>\n\u003Cli>Add CSS and JS resource files to back-end and front-end\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit the plugin website for downloadable demos and example code.\u003C\u002Fp>\n\u003Ch3>Plugin Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcode-manager.com\u002F\" rel=\"nofollow ugc\">Plugin Website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-manager\u002F\" rel=\"ugc\">Download Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcode-manager.com\u002Fblog\u002Fdocs\u002Findex\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcode-manager.com\u002Fcode\u002F\" rel=\"nofollow ugc\">Code Examples\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.",500,84963,98,8,"2025-12-02T11:45:00.000Z","6.9.4","7.0",[78,79,80,81,19],"code-blocks","code-snippets","css-editor","javascript-editor","https:\u002F\u002Fcode-manager.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-manager.1.0.45.zip",100,0,{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":84,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":17,"tags":100,"homepage":102,"download_link":103,"security_score":104,"vuln_count":85,"unpatched_count":85,"last_vuln_date":35,"fetched_at":28},"easy-wysiwyg-style","Easy Wysiwyg 
Style","1.2","jokiruiz","https:\u002F\u002Fprofiles.wordpress.org\u002Fjokioki\u002F","\u003Cp>The Easy Wysiwyg Style plugin allows you to see your styles in the editor in\u003Cbr \u002F>\nreal time. You won’t need to press preview.\u003C\u002Fp>\n\u003Cp>Enhances your Wysiwyg and adds the insert table functionality.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Open Settings -> Easy Wysiwyg Style\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Specify the Context Class name (if exists). The context class name is the\u003Cbr \u002F>\ncss class that wraps the container where you place your Wysiwyg content.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Specify the CSS file location in your theme (style.css , css\u002Fstyle.css)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>From v1.1\u003C\u002Fstrong> It adds the insert table functionality.\u003C\u002Fp>\n\u003Cp>Do you use WordPress admin with an iPad? Don’t worry, this plugin is fully\u003Cbr \u002F>\nadapted for tablets and smartphones.\u003C\u002Fp>\n\u003Cp>\u003Cem>Thank you for downloading! Your feedback is well appreciated!\u003C\u002Fem>\u003C\u002Fp>\n","The Easy Wysiwyg Style WordPress plugin makes it even easier to format your content and customize your site. 
Enhances your Wysiwyg and includes the in &hellip;",400,13910,5,"2015-10-31T16:17:00.000Z","4.3.34","3.0.1",[101],"wysiwyg-editor-style-css-preview","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-wysiwyg-style\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-wysiwyg-style.zip",85,{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":85,"num_ratings":85,"last_updated":115,"tested_up_to":75,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":123,"download_link":124,"security_score":84,"vuln_count":85,"unpatched_count":85,"last_vuln_date":35,"fetched_at":28},"class-widget-ats-text","widget text class ats","8.8.5","mishaATs","https:\u002F\u002Fprofiles.wordpress.org\u002Faleksats\u002F","\u003Cp>A simple text widget that lets you run PHP and shortcodes immediately after activating the widget text class ats plugin (the default WordPress widget does not allow this!) - widget text class ats is compatible with the new widgets! A convenient version of the classic text widget (without editors) after the WordPress 4.8 update.\u003Cbr \u002F>\nA simple text widget will allow you to run PHP and short code (shortcode), immediately after activation of the plugin widget text class ats (in WordPress 4.8 editors added!) 
– Compatibility with new widgets!\u003Cbr \u002F>\nA convenient way to install classic text widget (without editors after updating WordPress with 4.8)\u003C\u002Fp>\n\u003Ch3>Tags\u003C\u002Fh3>\n\u003Cp>is PHP in widgets, text php editor, text php widget, simple php text widget, widget text class ats\u003C\u002Fp>\n\u003Ch3>8.8.5\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>8.7\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>8.0\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.9.9\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.9.8\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.9.7\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.8.7\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.8.5\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.8.4\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.7.7\u003C\u002Fh3>\n\u003Cp>prevention\u003C\u002Fp>\n\u003Ch3>7.7.5\u003C\u002Fh3>\n\u003Cp>prevention\u003C\u002Fp>\n\u003Ch3>7.7.3\u003C\u002Fh3>\n\u003Cp>prevention and tested with WordPress version 4.9\u003C\u002Fp>\n\u003Ch3>7.4.8\u003C\u002Fh3>\n\u003Cp>Added folder for extensions mih-alica and files\u003C\u002Fp>\n\u003Ch3>7.4.7\u003C\u002Fh3>\n\u003Cp>Now (2) the plugin knows himself to work out the php code in the widget and work with shortcode!!\u003Cbr \u002F>\nadded file 2 and folder mih-alica\u003C\u002Fp>\n\u003Ch4>0.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>ADD: Russian localization\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple text widget that lets you run PHP and shortcodes immediately after activating the widget text class ats plugin (the WordPress widget by 
&hellip;",80,4354,"2025-12-13T05:09:00.000Z","3.0","5.6",[119,120,121,122],"is-php-in-widgets","text-php-editor","text-php-widget","text-widget","https:\u002F\u002Fmihalica.ru\u002Fproduct\u002Fplagin-mats-widget-privyichnyiy-tekstovyiy-vidzhet-bez-redaktora\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclass-widget-ats-text.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":135,"num_ratings":57,"last_updated":17,"tested_up_to":136,"requires_at_least":116,"requires_php":17,"tags":137,"homepage":142,"download_link":143,"security_score":84,"vuln_count":85,"unpatched_count":85,"last_vuln_date":35,"fetched_at":144},"save-me","Save Me","1.1","davidfcarr","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidfcarr\u002F","\u003Cp>The Save Me plugin saves JavaScript and other inline code from distortion by the WordPress rich text editor. Add code in the editor’s VISUAL mode, bracketing it with the shortcode \u003Ccode>[saveme][\u002Fsaveme]\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>While it is possible without a plugin to switch to HTML editing mode and paste JavaScript into a post, often the code will be scrambled if you toggle back and forth between the HTML and Visual modes. For example, the TinyMCE editor sometimes eliminates what it doesn’t understand — like empty divs into which your JavaScript or AJAX widget needs to inject content. And since JavaScript code is not displayed with any representation in the visual editor, it’s easy to accidentally delete.\u003C\u002Fp>\n\u003Cp>In rich text mode, the editor will treat your code as if it were a code sample you were writing about, rather than a script to be executed. You may see distortions, like quotation marks being turned into curly quotes, but at least you can keep track of where you inserted the code. 
The saveme shortcode function reverses HTML entity transformations and turns your JavaScript widget back into executable code.\u003C\u002Fp>\n\u003Cp>The saveme shortcode has been tested with Facebook social widgets and Google Adsense JavaScript blocks. If you encounter JavaScript that does not work after being passed through this function, contact me through \u003Ca href=\"http:\u002F\u002Fwww.carrcommunications.com\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Carr Communications Inc.\u003C\u002Fstrong>\u003C\u002Fa> and I will try to determine why not.\u003C\u002Fp>\n\u003Cp>This is a spinoff of a similar function in \u003Ca href=\"http:\u002F\u002Fwww.carrcommunications.com\u002Fwordpress-plugins\u002Ffacebook-tab-manager\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Facebook Tab Manager for WordPress\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>Facebook Tab Manager\nCopyright (C) 2011 David F. Carr\n\nThis program is free software: you can redistribute it and\u002For modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nSee the GNU General Public License at \u003Chttp:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F>.\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Saves JavaScript and other inline code from distortion by the WordPress rich text editor. 
Add code in the editor's VISUAL mode, bracketing it wit &hellip;",10,2192,20,"3.1.4",[138,139,21,140,141],"code","javascript","shortcode","shortcodes","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsave-me\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsave-me.1.1.zip","2026-03-15T14:44:11.924Z",{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":133,"downloaded":153,"rating":135,"num_ratings":57,"last_updated":154,"tested_up_to":155,"requires_at_least":17,"requires_php":17,"tags":156,"homepage":161,"download_link":162,"security_score":104,"vuln_count":85,"unpatched_count":85,"last_vuln_date":35,"fetched_at":28},"tinymce-for-wp-e-commerce-additional-description","Add TinyMCE to the Additional Description field","1.0","LeaderProjects","https:\u002F\u002Fprofiles.wordpress.org\u002Fleaderprojects\u002F","\u003Cp>TinyMCE for WP E-Commerce Additional Description – plugin created for one of the world’s leading ecommerce solutions, powered by WordPress. This plugin is for those who do not want to or cannot be limited to plain text typing in Additional Description field. This plugin enables rich text editing on the WPEC products Additional Description field.\u003C\u002Fp>\n\u003Cp>After installing additional plugins extending the standard WP TinyMCE options, you will get all Rich Text Editor and you can use it in additional description field.\u003Cbr \u002F>\nFor example: you can insert links or even additional product photos, even without buying GoldenCart!\u003C\u002Fp>\n\u003Cp>Please visit \u003Ca href=\"http:\u002F\u002Fwww.leaderprojects.com\u002Ftinymce-for-wp-e-commerce-additional-description-field\u002F\" rel=\"nofollow ugc\">LeaderProjects website\u003C\u002Fa>  for Comments, Questions or PayPal Donations.\u003C\u002Fp>\n","Add TinyMCE to the Additional Description field of WP E-Commerce. 
Possibility insert additional product photos, even without buying GoldenCart!",3710,"2012-01-08T19:02:00.000Z","3.3.2",[157,21,158,159,160],"additional-description","spec","tinymce","wp-e-commerce","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftinymce-for-wpec-additional-description\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftinymce-for-wp-e-commerce-additional-description.zip",{"attackSurface":164,"codeSignals":206,"taintFlows":307,"riskAssessment":355,"analyzedAt":370},{"hooks":165,"ajaxHandlers":202,"restRoutes":203,"shortcodes":204,"cronEvents":205,"entryPointCount":85,"unprotectedCount":85},[166,172,176,180,184,188,191,195,198],{"type":167,"name":168,"callback":169,"file":170,"line":171},"action","init","rteeditor_init","richtexteditor_wordpress.php",15,{"type":167,"name":168,"callback":173,"priority":174,"file":170,"line":175},"check_featured_image_capability",999,23,{"type":167,"name":177,"callback":178,"file":170,"line":179},"admin_menu","add_option_page",28,{"type":167,"name":181,"callback":182,"file":170,"line":183},"admin_print_scripts","add_post_editor",31,{"type":167,"name":185,"callback":186,"file":170,"line":187},"wp_print_scripts","add_comment_editor",35,{"type":167,"name":189,"callback":189,"file":170,"line":190},"admin_print_footer_scripts",38,{"type":167,"name":192,"callback":193,"file":170,"line":194},"admin_head","KillTinyMCE",42,{"type":167,"name":196,"callback":193,"file":170,"line":197},"option_posts_per_page",45,{"type":167,"name":168,"callback":199,"file":200,"line":201},"error_reporting","richtexteditor_wordpress_class.php",40,[],[],[],[],{"dangerousFunctions":207,"sqlUsage":221,"outputEscaping":223,"fileOperations":256,"externalRequests":85,"nonceChecks":85,"capabilityChecks":85,"bundledLibraries":306},[208,213,216],{"fn":209,"file":210,"line":211,"context":212},"create_function","richtexteditor\\include_cs2.php",21,"return preg_replace_callback(\"\u002FX\u002F\",create_function(\"\",'return 
substr(\"0123456789ABCDEF\",rand(0,15),1",{"fn":209,"file":214,"line":215,"context":212},"richtexteditor\\server_php\\phpuploader\\include_phpuploader.php",298,{"fn":217,"file":218,"line":219,"context":220},"shell_exec","richtexteditor\\server_php\\server-scripts\\spellchecker.php",104,"if( $aspellret = shell_exec( $cmd )) {",{"prepared":57,"raw":85,"locations":222},[],{"escaped":26,"rawEcho":224,"locations":225},41,[226,230,232,234,237,239,241,243,245,247,249,251,253,255,257,258,259,261,262,264,266,268,269,271,273,275,277,279,281,283,285,287,289,291,293,295,296,298,300,302,304],{"file":227,"line":228,"context":229},"includes\\wppagelinks.php",24,"raw output",{"file":210,"line":231,"context":229},289,{"file":210,"line":233,"context":229},305,{"file":235,"line":236,"context":229},"richtexteditor\\load.php",14,{"file":238,"line":10,"context":229},"richtexteditor\\server_php\\phpuploader\\ajaxuploaderresource.php",{"file":238,"line":240,"context":229},67,{"file":214,"line":242,"context":229},619,{"file":214,"line":244,"context":229},623,{"file":214,"line":246,"context":229},988,{"file":214,"line":248,"context":229},1314,{"file":214,"line":250,"context":229},1335,{"file":214,"line":252,"context":229},1347,{"file":218,"line":254,"context":229},33,{"file":218,"line":256,"context":229},39,{"file":218,"line":201,"context":229},{"file":218,"line":197,"context":229},{"file":218,"line":260,"context":229},51,{"file":218,"line":59,"context":229},{"file":218,"line":263,"context":229},71,{"file":218,"line":265,"context":229},154,{"file":218,"line":267,"context":229},155,{"file":200,"line":240,"context":229},{"file":200,"line":270,"context":229},95,{"file":200,"line":272,"context":229},149,{"file":200,"line":274,"context":229},162,{"file":200,"line":276,"context":229},324,{"file":200,"line":278,"context":229},355,{"file":200,"line":280,"context":229},442,{"file":200,"line":282,"context":229},476,{"file":200,"line":284,"context":229},477,{"file":200,"line":286,"context":229},478,{"f
ile":200,"line":288,"context":229},499,{"file":200,"line":290,"context":229},583,{"file":200,"line":292,"context":229},617,{"file":200,"line":294,"context":229},618,{"file":200,"line":242,"context":229},{"file":200,"line":297,"context":229},836,{"file":200,"line":299,"context":229},837,{"file":200,"line":301,"context":229},871,{"file":200,"line":303,"context":229},872,{"file":200,"line":305,"context":229},873,[],[308,327],{"entryPoint":309,"graph":310,"unsanitizedCount":57,"severity":37},"LoadFile (richtexteditor\\include_rte.php:1824)",{"nodes":311,"edges":324},[312,318],{"id":313,"type":314,"label":315,"file":316,"line":317},"n0","source","$_x137","richtexteditor\\include_rte.php",1824,{"id":319,"type":320,"label":321,"file":316,"line":322,"wp_function":323},"n1","sink","fopen() [File Access]",1837,"fopen",[325],{"from":313,"to":319,"sanitized":326},false,{"entryPoint":328,"graph":329,"unsanitizedCount":354,"severity":37},"\u003Cajaxuploaderresource> (richtexteditor\\server_php\\phpuploader\\ajaxuploaderresource.php:0)",{"nodes":330,"edges":350},[331,334,336,339,343,345],{"id":313,"type":314,"label":332,"file":238,"line":333},"$_SERVER",12,{"id":319,"type":320,"label":321,"file":238,"line":335,"wp_function":323},56,{"id":337,"type":314,"label":338,"file":238,"line":333},"n2","$_SERVER (x2)",{"id":340,"type":320,"label":341,"file":238,"line":10,"wp_function":342},"n3","echo() [XSS]","echo",{"id":344,"type":314,"label":332,"file":238,"line":333},"n4",{"id":346,"type":320,"label":347,"file":238,"line":348,"wp_function":349},"n5","header() [Header Injection]",79,"header",[351,352,353],{"from":313,"to":319,"sanitized":326},{"from":337,"to":340,"sanitized":326},{"from":344,"to":346,"sanitized":326},4,{"summary":356,"deductions":357},"The \"richtexteditor\" v1.0.1 plugin presents a mixed security posture. 
While it exhibits strengths in handling SQL queries with prepared statements and makes no external HTTP requests, significant concerns arise from its static analysis and vulnerability history. The presence of dangerous functions like `create_function` and `shell_exec` is a major red flag, indicating potential for code execution vulnerabilities if not handled with extreme care. Furthermore, the lack of proper output escaping on a majority of outputs and the absence of nonce and capability checks on any entry points leave the plugin vulnerable to various attacks.\n\nThe taint analysis revealing unsanitized paths is particularly worrisome, suggesting that user-supplied data might be processed in a way that could lead to path traversal or other file system manipulation issues. The vulnerability history, with two currently unpatched medium-severity CVEs related to missing authorization and CSRF, strongly suggests a recurring pattern of security weaknesses in the plugin's development. These historical vulnerabilities, coupled with the static analysis findings, indicate a plugin that has historically struggled with robust security implementations.\n\nIn conclusion, while the plugin has some positive aspects like secure SQL handling, the presence of dangerous functions, insufficient output escaping, lack of authorization checks, and a history of unpatched vulnerabilities create a significant risk. 
Users should exercise extreme caution and consider the potential for exploitation, especially given the unpatched CVEs and the identified code quality issues.",[358,360,362,364,366,368],{"reason":359,"points":135},"2 Unpatched Medium CVEs",{"reason":361,"points":171},"Dangerous functions present (create_function, shell_exec)",{"reason":363,"points":133},"Low output escaping percentage",{"reason":365,"points":73},"No nonce checks",{"reason":367,"points":73},"No capability checks",{"reason":369,"points":333},"Unsanitized paths in taint flows","2026-03-16T21:49:28.276Z",{"wat":372,"direct":382},{"assetPaths":373,"generatorPatterns":377,"scriptPaths":378,"versionParams":379},[374,375,376],"\u002Fwp-content\u002Fplugins\u002Frichtexteditor\u002Frichtexteditor_wordpress_class.php","\u002Fwp-content\u002Fplugins\u002Frichtexteditor\u002Frichtexteditor.js","\u002Fwp-content\u002Fplugins\u002Frichtexteditor\u002Frichtexteditor.css",[],[375],[380,381],"richtexteditor.css?ver=","richtexteditor.js?ver=",{"cssClasses":383,"htmlComments":387,"htmlAttributes":388,"restEndpoints":392,"jsGlobals":393,"shortcodeOutput":395},[384,385,386],"metabox-holder","postbox","postbox_content",[],[389,390,391],"id=\"Control_RTE_OverView\"","id=\"Control_RTE_Setting\"","id=\"rte_settings_form\"",[],[394],"RTEEDITOR_PLUGIN_URL",[]]