Advanced Editor Tools Security & Risk Analysis

wordpress.org/plugins/tinymce-advanced

Extends and enhances the block editor (Gutenberg) and the classic editor (TinyMCE).

2.0M active installs · v5.9.2 · PHP 5.6+ · WP 5.9+ · Updated Dec 8, 2025
Tags: block-editor, classic-editor, editor, formatting, gutenberg
Score: 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 8, 2014
Safety Verdict

Is Advanced Editor Tools Safe to Use in 2026?

Generally Safe

Score 100/100

Advanced Editor Tools has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 8, 2014 · Updated 3mo ago
Risk Assessment

The static analysis of tinymce-advanced v5.9.2 reveals a generally strong security posture with a minimal attack surface and robust practices around SQL queries, nonce checks, and capability checks. The absence of any critical or high-severity taint flows is also a positive sign. However, a significant concern is the low percentage of properly escaped output (9%), indicating a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled with sufficient care in the majority of output contexts. The presence of a single file operation is also a point of attention, though its risk depends entirely on the specifics of its implementation, which are not detailed here. Despite a history of past vulnerabilities, including a medium severity one, the fact that all known CVEs are patched suggests the developers have addressed past issues. The low number of entry points and the absence of unprotected ones are excellent security hygiene, but the output escaping weakness, if exploited, could still lead to significant risk.

Key Concerns

  • Low percentage of properly escaped output
  • Bundled TinyMCE v5.9.2 library
  • One file operation present
Vulnerabilities: 1

Advanced Editor Tools Security Vulnerabilities

CVEs by Year

1 CVE in 2014

Severity Breakdown

Medium: 1

1 total CVE

WF-cb427792-8675-4c38-a4e6-ba2b8091003f-tinymce-advanced · medium · 4.3 · Cross-Site Request Forgery (CSRF)

TinyMCE Advanced <= 4.1.9 - Cross-Site Request Forgery

Sep 8, 2014 · Patched in 4.2.3 (3424d)
Code Analysis
Analyzed Mar 16, 2026

Advanced Editor Tools Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 39 (4 escaped)
Nonce Checks: 6
Capability Checks: 6
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE 5.9.2

Output Escaping

9% escaped · 43 total outputs
Data Flows: All sanitized

Data Flow Analysis

1 flow
<tadv_admin> (tadv_admin.php:0)
Attack Surface

Advanced Editor Tools Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 21

  • action · admin_menu · tinymce-advanced.php:157
  • action · admin_enqueue_scripts · tinymce-advanced.php:158
  • action · plugins_loaded · tinymce-advanced.php:159
  • filter · plugin_action_links · tinymce-advanced.php:160
  • action · before_wp_tiny_mce · tinymce-advanced.php:161
  • action · admin_init · tinymce-advanced.php:163
  • action · plugins_loaded · tinymce-advanced.php:164
  • filter · wp_editor_settings · tinymce-advanced.php:167
  • filter · mce_buttons · tinymce-advanced.php:169
  • filter · mce_buttons_2 · tinymce-advanced.php:170
  • filter · mce_buttons_3 · tinymce-advanced.php:171
  • filter · mce_buttons_4 · tinymce-advanced.php:172
  • filter · tiny_mce_before_init · tinymce-advanced.php:174
  • filter · mce_external_plugins · tinymce-advanced.php:175
  • filter · tiny_mce_plugins · tinymce-advanced.php:176
  • action · enqueue_block_editor_assets · tinymce-advanced.php:178
  • action · init · tinymce-advanced.php:179
  • filter · wp_insert_post_data · tinymce-advanced.php:180
  • filter · excerpt_allowed_blocks · tinymce-advanced.php:182
  • action · admin_footer · tinymce-advanced.php:257
  • filter · use_block_editor_for_post_type · tinymce-advanced.php:826
Maintenance & Trust

Advanced Editor Tools Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 8, 2025
PHP min version: 5.6
Downloads: 35.1M

Community Trust

Rating: 90/100
Number of ratings: 351
Active installs: 2.0M
Developer Profile

Advanced Editor Tools Developer Profile

Andrew Ozz

6 plugins · 2.0M total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 3424 days
Detection Fingerprints

How We Detect Advanced Editor Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tinymce-advanced/plugin-assets/tadv.css
/wp-content/plugins/tinymce-advanced/plugin-assets/tadv.js
Script Paths
/wp-content/plugins/tinymce-advanced/plugin-assets/tadv.js
Version Parameters
tinymce-advanced/plugin-assets/tadv.css?ver=
tinymce-advanced/plugin-assets/tadv.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Advanced Editor Tools Settings -->
<!-- Advanced Editor Tools Settings End -->