Simple Editor Control Security & Risk Analysis

wordpress.org/plugins/simple-editor-control

Monitors and manages file modifications in the WordPress editor, including themes. Simple Editor Control 3.0.

10 active installs v3.0.1 PHP 7.0+ WP 4.0+ Updated Nov 6, 2024
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Simple Editor Control Safe to Use in 2026?

Generally Safe

Score 92/100

Simple Editor Control has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "simple-editor-control" plugin v3.0.1 exhibits a concerning security posture due to a significant number of unprotected entry points. With 4 total entry points, all 4 (3 AJAX handlers and 1 REST API route) lack proper authentication or permission checks. This creates a substantial attack surface that could be exploited by unauthenticated users. While the code signals show good practices like a high percentage of prepared SQL statements and properly escaped output, the absence of authorization on all discovered entry points overshadows these strengths.

The taint analysis reveals 2 high-severity flows with unsanitized paths, indicating potential vulnerabilities where user-supplied data might be used in sensitive operations without adequate validation. The plugin's vulnerability history is clean, with no recorded CVEs. This is positive, but it does not mitigate the immediate risks identified in the static and taint analyses. The lack of historical vulnerabilities could be due to limited exposure or past robust security, but the current analysis flags critical areas for improvement.

In conclusion, while the plugin demonstrates some good coding practices, the lack of authorization on all entry points and the presence of high-severity taint flows are significant weaknesses. The plugin has a good foundation with prepared SQL and output escaping, but the fundamental security of its exposed endpoints needs immediate attention to prevent potential exploits by unauthenticated users.

Key Concerns

  • AJAX handlers without auth checks
  • REST API route without permission callback
  • High severity taint flows with unsanitized paths
  • Nonce checks missing on AJAX handlers
Vulnerabilities
None known

Simple Editor Control Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Simple Editor Control Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (16 prepared)
Unescaped Output: 12 (56 escaped)
Nonce Checks: 1
Capability Checks: 5
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

89% prepared, 18 total queries

Output Escaping

82% escaped, 68 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

7 flows, 5 with unsanitized paths
<get_plugin_details> (ajax\get_plugin_details.php:0)
Attack Surface
4 unprotected

Simple Editor Control Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers 3

auth  wp_ajax_edit-theme-plugin-file  includes\simple-editor-control-track-changes.php:284
auth  wp_ajax_download_file_modification  simple-editor-control.php:72
auth  wp_ajax_load_modification_content  simple-editor-control.php:187

REST API Routes 1

GET  /wp-json/simple-editor-control/v1/plugin-details/  simple-editor-control.php:37

WordPress Hooks 7

action  admin_menu  includes\simple-editor-control-menu.php:129
action  admin_init  includes\simple-editor-control-track-changes.php:3
action  plugins_loaded  simple-editor-control.php:20
action  rest_api_init  simple-editor-control.php:34
action  admin_enqueue_scripts  simple-editor-control.php:286
action  admin_enqueue_scripts  simple-editor-control.php:296
action  admin_menu  simple-editor-control.php:376

Maintenance & Trust

Simple Editor Control Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Nov 6, 2024
PHP min version: 7.0
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10

Alternatives

Simple Editor Control Alternatives

No alternatives data available yet.

Developer Profile

Simple Editor Control Developer Profile

Thomas Lloancy

9 plugins · 120 total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple Editor Control

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-editor-control/js/editor-control.js
/wp-content/plugins/simple-editor-control/css/editor-control.css
Script Paths
/wp-content/plugins/simple-editor-control/js/editor-control.js
Version Parameters
simple-editor-control/js/editor-control.js?ver=
simple-editor-control/css/editor-control.css?ver=

HTML / DOM Fingerprints

REST Endpoints
/wp-json/simple-editor-control/v1/plugin-details/