[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgOocFEEknx_T-qjM88p0226sBGaTlA0MFX5rDb3OEs4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":302},"simple-editor-control","Simple Editor Control","3.0.1","Thomas Lloancy","https:\u002F\u002Fprofiles.wordpress.org\u002Ftlloancy\u002F","\u003Cp>Described as the “Spartan of Code,” \u003Cstrong>Simple Editor Control\u003C\u002Fstrong> is not just a plugin; it is your ally in the battle for precise and powerful file management in WordPress. With version 3.0.0, we have gone beyond the limits of simple monitoring to give you absolute control:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Direct Editing\u003C\u002Fstrong>: A single click on a file takes you straight into the editor, ready to edit.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Historical Download\u003C\u002Fstrong>: Relive the history of your files; download any past version.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visual Overhaul\u003C\u002Fstrong>: An enhanced design, inspired by Spartan discipline, for unmatched clarity and efficiency.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrated Editing and Download\u003C\u002Fstrong>: No need to navigate elsewhere; edit and download directly from the interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redefined Design\u003C\u002Fstrong>: A redesigned user interface for smooth navigation and an impressive visual presentation.\n\u003Cul>\n\u003Cli>\u003Cstrong>Important 
Note\u003C\u002Fstrong>: The modified \u003Ccode>\u003Cbody>\u003C\u002Fcode> design is \u003Cstrong>exclusive\u003C\u002Fstrong> to the \u003Cstrong>Simple Editor Control\u003C\u002Fstrong> plugin page. The rest of your WordPress site will not be affected by these visual changes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance Improvements\u003C\u002Fstrong>: Optimizations for diff-processing speed that would do a hoplite proud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strengthened Security\u003C\u002Fstrong>: Additional security measures to protect your changes like the ramparts of Sparta.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Changes in Version 3.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Integrated Editing and Download\u003C\u002Fstrong>: No need to navigate elsewhere; edit and download directly from the interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redefined Design\u003C\u002Fstrong>: A redesigned user interface for smooth navigation and an impressive visual presentation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance Improvements\u003C\u002Fstrong>: Optimizations for diff-processing speed that would do a hoplite proud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strengthened Security\u003C\u002Fstrong>: Additional security measures to protect your changes like the ramparts of Sparta.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Previous Versions\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"#\" rel=\"nofollow ugc\">See the full changelog here for details on earlier versions\u003C\u002Fa>\u003C\u002Fp>\n","Monitors and manages file changes in the WordPress editor, including themes. 
Simple Editor Control 3.0.",10,1536,100,1,"2024-11-06T15:20:00.000Z","6.6.5","4.0","7.0",[],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-editor-control.3.0.1.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"tlloancy",9,120,99,30,93,"2026-04-05T17:20:37.495Z",[],{"attackSurface":37,"codeSignals":94,"taintFlows":136,"riskAssessment":290,"analyzedAt":301},{"hooks":38,"ajaxHandlers":68,"restRoutes":82,"shortcodes":91,"cronEvents":92,"entryPointCount":93,"unprotectedCount":93},[39,45,50,55,59,63,66],{"type":40,"name":41,"callback":42,"priority":11,"file":43,"line":44},"action","admin_menu","simpleeditor_control_menu","includes\\simple-editor-control-menu.php",129,{"type":40,"name":46,"callback":47,"priority":11,"file":48,"line":49},"admin_init","simpleeditor_before_capture_editor_page_url","includes\\simple-editor-control-track-changes.php",3,{"type":40,"name":51,"callback":52,"file":53,"line":54},"plugins_loaded","simpleeditor_load_textdomain","simple-editor-control.php",20,{"type":40,"name":56,"callback":57,"file":53,"line":58},"rest_api_init","simpleeditor_register_plugin_details_route",34,{"type":40,"name":60,"callback":61,"priority":11,"file":53,"line":62},"admin_enqueue_scripts","simpleeditor_control_load_styles",286,{"type":40,"name":60,"callback":64,"priority":11,"file":53,"line":65},"simpleeditor_enqueue_custom_script",296,{"type":40,"name":41,"callback":42,"priority":11,"file":53,"line":67},376,[69,74,78],{"action":70,"nopriv":71,"callback":72,"hasNonce":71,"hasCapCheck":71,"file":48,"line":73},"edit-theme-plugin-file",false,"simpleeditor_before_simple_editor_control_track_changes",284,{"action":75,"nopriv":71,"callback":76,"hasNonce":71,"hasCapCheck":71,"file":53,"line":77},"download_file_modification","ajax_download_file_modification",72,{"action":79,"nopriv":71,"callback":8
0,"hasNonce":71,"hasCapCheck":71,"file":53,"line":81},"load_modification_content","ajax_load_modification_content",187,[83],{"namespace":84,"route":85,"methods":86,"callback":88,"permissionCallback":89,"file":53,"line":90},"simple-editor-control\u002Fv1","\u002Fplugin-details\u002F",[87],"GET","simpleeditor_get_plugin_details_callback","__return_true",37,[],[],4,{"dangerousFunctions":95,"sqlUsage":96,"outputEscaping":104,"fileOperations":98,"externalRequests":23,"nonceChecks":14,"capabilityChecks":134,"bundledLibraries":135},[],{"prepared":97,"raw":98,"locations":99},16,2,[100,102],{"file":43,"line":29,"context":101},"$wpdb->get_var() with variable interpolation",{"file":43,"line":97,"context":103},"$wpdb->get_results() with variable interpolation",{"escaped":105,"rawEcho":106,"locations":107},56,12,[108,112,114,116,118,120,122,124,126,128,130,132],{"file":109,"line":110,"context":111},"ajax\\get_plugin_details.php",18,"raw output",{"file":109,"line":113,"context":111},21,{"file":109,"line":115,"context":111},25,{"file":43,"line":117,"context":111},31,{"file":43,"line":119,"context":111},32,{"file":43,"line":121,"context":111},39,{"file":43,"line":123,"context":111},46,{"file":43,"line":125,"context":111},73,{"file":53,"line":127,"context":111},135,{"file":53,"line":129,"context":111},207,{"file":53,"line":131,"context":111},237,{"file":53,"line":133,"context":111},242,5,[],[137,160,173,230,241,261,279],{"entryPoint":138,"graph":139,"unsanitizedCount":14,"severity":159},"\u003Cget_plugin_details> (ajax\\get_plugin_details.php:0)",{"nodes":140,"edges":156},[141,146,150],{"id":142,"type":143,"label":144,"file":109,"line":145},"n0","source","$_GET",15,{"id":147,"type":148,"label":149,"file":109,"line":145},"n1","transform","→ simpleeditor_control_plugin_details()",{"id":151,"type":152,"label":153,"file":48,"line":154,"wp_function":155},"n2","sink","echo() 
[XSS]",268,"echo",[157,158],{"from":142,"to":147,"sanitized":71},{"from":147,"to":151,"sanitized":71},"medium",{"entryPoint":161,"graph":162,"unsanitizedCount":98,"severity":159},"simpleeditor_capture_editor_page_url (includes\\simple-editor-control-track-changes.php:35)",{"nodes":163,"edges":171},[164,167],{"id":142,"type":143,"label":165,"file":48,"line":166},"$_GET (x2)",49,{"id":147,"type":152,"label":168,"file":48,"line":169,"wp_function":170},"file_get_contents() [SSRF\u002FLFI]",53,"file_get_contents",[172],{"from":142,"to":147,"sanitized":71},{"entryPoint":174,"graph":175,"unsanitizedCount":14,"severity":159},"\u003Csimple-editor-control> (simple-editor-control.php:0)",{"nodes":176,"edges":220},[177,179,183,184,189,191,196,198,200,204,207,210,213,216,218],{"id":142,"type":143,"label":144,"file":53,"line":178},82,{"id":147,"type":152,"label":180,"file":53,"line":181,"wp_function":182},"get_row() [SQLi]",88,"get_row",{"id":151,"type":143,"label":144,"file":53,"line":178},{"id":185,"type":152,"label":186,"file":53,"line":187,"wp_function":188},"n3","get_results() [SQLi]",110,"get_results",{"id":190,"type":143,"label":144,"file":53,"line":178},"n4",{"id":192,"type":152,"label":193,"file":53,"line":194,"wp_function":195},"n5","header() [Header Injection]",132,"header",{"id":197,"type":143,"label":144,"file":53,"line":178},"n6",{"id":199,"type":152,"label":153,"file":53,"line":127,"wp_function":155},"n7",{"id":201,"type":143,"label":202,"file":53,"line":203},"n8","$_POST 
(x2)",194,{"id":205,"type":152,"label":180,"file":53,"line":206,"wp_function":182},"n9",199,{"id":208,"type":143,"label":209,"file":53,"line":203},"n10","$_POST",{"id":211,"type":152,"label":186,"file":53,"line":212,"wp_function":188},"n11",214,{"id":214,"type":143,"label":209,"file":53,"line":215},"n12",279,{"id":217,"type":148,"label":149,"file":53,"line":215},"n13",{"id":219,"type":152,"label":153,"file":48,"line":154,"wp_function":155},"n14",[221,223,224,225,226,227,228,229],{"from":142,"to":147,"sanitized":222},true,{"from":151,"to":185,"sanitized":222},{"from":190,"to":192,"sanitized":222},{"from":197,"to":199,"sanitized":222},{"from":201,"to":205,"sanitized":222},{"from":208,"to":211,"sanitized":222},{"from":214,"to":217,"sanitized":71},{"from":217,"to":219,"sanitized":71},{"entryPoint":231,"graph":232,"unsanitizedCount":23,"severity":240},"simpleeditor_control_track_changes (includes\\simple-editor-control-track-changes.php:111)",{"nodes":233,"edges":238},[234,236],{"id":142,"type":143,"label":209,"file":48,"line":235},161,{"id":147,"type":152,"label":180,"file":48,"line":237,"wp_function":182},179,[239],{"from":142,"to":147,"sanitized":222},"low",{"entryPoint":242,"graph":243,"unsanitizedCount":23,"severity":240},"\u003Csimple-editor-control-track-changes> (includes\\simple-editor-control-track-changes.php:0)",{"nodes":244,"edges":256},[245,246,247,248,249,250,252,254],{"id":142,"type":143,"label":165,"file":48,"line":166},{"id":147,"type":152,"label":168,"file":48,"line":169,"wp_function":170},{"id":151,"type":143,"label":209,"file":48,"line":235},{"id":185,"type":152,"label":180,"file":48,"line":237,"wp_function":182},{"id":190,"type":143,"label":209,"file":48,"line":235},{"id":192,"type":152,"label":186,"file":48,"line":251,"wp_function":188},244,{"id":197,"type":143,"label":253,"file":48,"line":235},"$_POST 
(x4)",{"id":199,"type":152,"label":153,"file":48,"line":255,"wp_function":155},256,[257,258,259,260],{"from":142,"to":147,"sanitized":222},{"from":151,"to":185,"sanitized":222},{"from":190,"to":192,"sanitized":222},{"from":197,"to":199,"sanitized":222},{"entryPoint":262,"graph":263,"unsanitizedCount":93,"severity":278},"ajax_download_file_modification (simple-editor-control.php:74)",{"nodes":264,"edges":273},[265,266,267,268,269,270,271,272],{"id":142,"type":143,"label":144,"file":53,"line":178},{"id":147,"type":152,"label":180,"file":53,"line":181,"wp_function":182},{"id":151,"type":143,"label":144,"file":53,"line":178},{"id":185,"type":152,"label":186,"file":53,"line":187,"wp_function":188},{"id":190,"type":143,"label":144,"file":53,"line":178},{"id":192,"type":152,"label":193,"file":53,"line":194,"wp_function":195},{"id":197,"type":143,"label":144,"file":53,"line":178},{"id":199,"type":152,"label":153,"file":53,"line":127,"wp_function":155},[274,275,276,277],{"from":142,"to":147,"sanitized":71},{"from":151,"to":185,"sanitized":71},{"from":190,"to":192,"sanitized":71},{"from":197,"to":199,"sanitized":71},"high",{"entryPoint":280,"graph":281,"unsanitizedCount":49,"severity":278},"ajax_load_modification_content (simple-editor-control.php:189)",{"nodes":282,"edges":287},[283,284,285,286],{"id":142,"type":143,"label":202,"file":53,"line":203},{"id":147,"type":152,"label":180,"file":53,"line":206,"wp_function":182},{"id":151,"type":143,"label":209,"file":53,"line":203},{"id":185,"type":152,"label":186,"file":53,"line":212,"wp_function":188},[288,289],{"from":142,"to":147,"sanitized":71},{"from":151,"to":185,"sanitized":71},{"summary":291,"deductions":292},"The \"simple-editor-control\" plugin v3.0.1 exhibits a concerning security posture due to a significant number of unprotected entry points.  With 4 total entry points, all 4 (3 AJAX handlers and 1 REST API route) lack proper authentication or permission checks. 
This creates a substantial attack surface that could be exploited by unauthenticated users. While the code signals show good practices like a high percentage of prepared SQL statements and properly escaped output, the absence of authorization on all discovered entry points overshadows these strengths.\n\nThe taint analysis reveals 2 high-severity flows with unsanitized paths, indicating potential vulnerabilities where user-supplied data might be used in sensitive operations without adequate validation. The plugin's vulnerability history is clean, with no recorded CVEs. This is positive, but it does not mitigate the immediate risks identified in the static and taint analyses. The lack of historical vulnerabilities could be due to limited exposure or past robust security, but the current analysis flags critical areas for improvement.\n\nIn conclusion, while the plugin demonstrates some good coding practices, the lack of authorization on all entry points and the presence of high-severity taint flows are significant weaknesses. 
The plugin has a good foundation with prepared SQL and output escaping, but the fundamental security of its exposed endpoints needs immediate attention to prevent potential exploits by unauthenticated users.",[293,295,297,299],{"reason":294,"points":11},"AJAX handlers without auth checks",{"reason":296,"points":11},"REST API route without permission callback",{"reason":298,"points":106},"High severity taint flows with unsanitized paths",{"reason":300,"points":11},"Nonce checks missing on AJAX handlers","2026-03-17T01:13:17.619Z",{"wat":303,"direct":312},{"assetPaths":304,"generatorPatterns":307,"scriptPaths":308,"versionParams":309},[305,306],"\u002Fwp-content\u002Fplugins\u002Fsimple-editor-control\u002Fjs\u002Feditor-control.js","\u002Fwp-content\u002Fplugins\u002Fsimple-editor-control\u002Fcss\u002Feditor-control.css",[],[305],[310,311],"simple-editor-control\u002Fjs\u002Feditor-control.js?ver=","simple-editor-control\u002Fcss\u002Feditor-control.css?ver=",{"cssClasses":313,"htmlComments":314,"htmlAttributes":315,"restEndpoints":316,"jsGlobals":318,"shortcodeOutput":319},[],[],[],[317],"\u002Fwp-json\u002Fsimple-editor-control\u002Fv1\u002Fplugin-details\u002F",[],[]]