Does WP Editor Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Editor Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Editor Widget compatible with WordPress 5.5.18?

According to WordPress.org data, WP Editor Widget 0.6.0 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

How often is WP Editor Widget updated?

WP Editor Widget was last updated on Nov 7, 2020. Frequent updates are generally a positive security signal.

What is WP Editor Widget's security score?

WP Editor Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Editor Widget Security & Risk Analysis

wordpress.org/plugins/wp-editor-widget

WP Editor Widget adds a rich text widget where the content is edited using the standard WordPress visual editor.

10K active installs v0.6.0 PHP + WP 3.5.1+ Updated Nov 7, 2020

editorrich-textwidgetwpmlwysiwyg

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Editor Widget Safe to Use in 2026?

Generally Safe

Score 85/100

WP Editor Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The 'wp-editor-widget' v0.6.0 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The complete absence of identified dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and external HTTP requests is highly commendable. The plugin also demonstrates good practices in output escaping, with an extremely high percentage of outputs being properly escaped. The lack of any recorded vulnerabilities, including CVEs, further reinforces its apparent security. However, the most significant concern arises from the complete absence of nonce checks and capability checks across all identified entry points. While the static analysis indicates a very small attack surface (0 entry points), this lack of protective measures means that if any new entry points were introduced or discovered, they would be inherently unprotected, posing a significant risk. The absence of taint analysis results is also noted, though this may be due to the plugin's simplicity and lack of complex data handling.

Key Concerns

Missing nonce checks on all entry points
Missing capability checks on all entry points

Vulnerabilities

None known

WP Editor Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Editor Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

32 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped33 total outputs

Attack Surface

WP Editor Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 13

actionwidgets_initwp-editor-widget.php:37

actionload-widgets.phpwp-editor-widget.php:38

actionload-customize.phpwp-editor-widget.php:39

actionwidgets_admin_pagewp-editor-widget.php:40

actioncustomize_controls_print_footer_scriptswp-editor-widget.php:41

actioncustomize_controls_print_footer_scriptswp-editor-widget.php:42

actionplugins_loadedwp-editor-widget.php:43

filterwp_editor_widget_contentwp-editor-widget.php:45

filterwp_editor_widget_contentwp-editor-widget.php:46

filterwp_editor_widget_contentwp-editor-widget.php:47

filterwp_editor_widget_contentwp-editor-widget.php:48

filterwp_editor_widget_contentwp-editor-widget.php:49

filterwp_editor_widget_contentwp-editor-widget.php:50

Maintenance & Trust

WP Editor Widget Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedNov 7, 2020

PHP min version

Downloads153K

Community Trust

Rating92/100

Number of ratings18

Active installs10K

Alternatives

WP Editor Widget Alternatives

Widget Content Blocks

wysiwyg-widgets

100

Edit widget content using the default WordPress visual editor and media uploading functionality. Create widgets like you would create posts or pages.

10K No CVEs

Black Studio TinyMCE Widget

black-studio-tinymce-widget

100

The visual editor widget for WordPress.

200K No CVEs

Rich Text Editor

richtexteditor

This plugin integrates your Wordpress with RichTextEditor - the most powerful online wysiwyg content editor.

60 2 unpatched

BP-TinyMCE

bp-tinymce

Replaces textareas throughout BuddyPress with the TinyMCE rich text box.

10 No CVEs

Classic Widgets

classic-widgets

100

Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.

2.0M No CVEs

Developer Profile

WP Editor Widget Developer Profile

feedmeastraycat

2 plugins · 10K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Editor Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-editor-widget/assets/js/admin.js/wp-content/plugins/wp-editor-widget/assets/css/admin.css

Script Paths

/wp-content/plugins/wp-editor-widget/assets/js/admin.js

Version Parameters

wp-editor-widget/assets/js/admin.js?ver=wp-editor-widget/assets/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

wp-editor-widget-containerwp-editor-widget-backdrop

Data Attributes

id="wp-editor-widget-container"id="wp-editor-widget-backdrop"

JS Globals

WPEditorWidget

FAQ