[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftvBBSvRHZNWvFpFYyzMrrkLb3sta3rTqMsULy-XwNU4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":154,"crawl_stats":38,"alternatives":158,"analysis":267,"fingerprints":653},"wp-editor","WP Editor","1.2.9.3","benjaminprojas","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenjaminprojas\u002F","\u003Cp>WP Editor is a plugin for WordPress that replaces the default plugin and theme editors as well as the page\u002Fpost editor. Using integrations with CodeMirror and FancyBox to create a feature rich environment, WP Editor completely reworks the default WordPress file editing capabilities. 
Using Asynchronous Javascript and XML (AJAX) to retrieve files and folders, WP Editor sets a new standard for speed and reliability in a web-based editing atmosphere.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>CodeMirror\u003C\u002Fli>\n\u003Cli>Active Line Highlighting\u003C\u002Fli>\n\u003Cli>Line Numbers\u003C\u002Fli>\n\u003Cli>Line Wrapping\u003C\u002Fli>\n\u003Cli>Eight Editor Themes with Syntax Highlighting\u003C\u002Fli>\n\u003Cli>Fullscreen Editing (ESC, F11)\u003C\u002Fli>\n\u003Cli>Text Search (CMD + F, CTRL + F)\u003C\u002Fli>\n\u003Cli>Individual Settings for Each Editor\u003C\u002Fli>\n\u003Cli>FancyBox for image viewing\u003C\u002Fli>\n\u003Cli>AJAX File Browser\u003C\u002Fli>\n\u003Cli>Allowed Extensions List\u003C\u002Fli>\n\u003Cli>Easy to use Settings Section\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Editor is a plugin for WordPress that replaces the default plugin and theme editors as well as the page\u002Fpost editor.",30000,1075617,90,95,"2026-03-11T18:50:00.000Z","6.9.4","3.9","",[20,21,22,23,24],"code-editor","page-editor","plugin-editor","post-editor","theme-editor","http:\u002F\u002Fwpeditor.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-editor.1.2.9.3.zip",86,9,0,"2025-04-16 17:11:50","2026-03-15T15:16:48.613Z",[33,49,60,73,88,103,116,131,142],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-3295","wp-editor-authenticated-administrator-directory-traversal-to-arbitrary-file-read","WP Editor \u003C= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read","The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. 
This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information.",null,"\u003C=1.2.9.1","1.2.9.2","medium",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2025-04-17 05:23:21",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4618c1f4-c0aa-47f5-8c0b-2cb4a021f2e0?source=api-prod",1,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":44,"published_date":57,"updated_date":45,"references":58,"days_to_patch":48},"CVE-2025-3294","wp-editor-authenticated-administrator-directory-traversal-to-arbitrary-file-update","WP Editor \u003C= 1.2.9.1 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Update","The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. 
This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server.","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","2025-04-16 17:10:07",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9298820e-3753-41b3-8ba6-9fb494e215a8?source=api-prod",{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":38,"affected_versions":65,"patched_in_version":66,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":67,"published_date":68,"updated_date":69,"references":70,"days_to_patch":72},"CVE-2022-2446","wp-editor-authenticated-admin-phar-deserialization","WP Editor \u003C= 1.2.9 - Authenticated (Admin+) PHAR Deserialization","The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. 
It also requires that the attacker is successful in uploading a file with the serialized payload.","\u003C=1.2.9","1.2.9.1","Deserialization of Untrusted Data","2024-09-12 00:00:00","2024-09-13 15:10:44",[71],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff3555702-4427-4569-8fd6-f84113593e9d?source=api-prod",2,{"id":74,"url_slug":75,"title":76,"description":77,"plugin_slug":4,"theme_slug":38,"affected_versions":78,"patched_in_version":79,"severity":41,"cvss_score":80,"cvss_vector":81,"vuln_type":82,"published_date":83,"updated_date":84,"references":85,"days_to_patch":87},"CVE-2024-24700","wp-editor-reflected-cross-site-scripting","WP Editor \u003C= 1.2.8 - Reflected Cross-Site Scripting","The WP Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.2.8","1.2.9",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-03-26 00:00:00","2024-05-07 19:43:18",[86],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F50bbcfcb-7001-42e7-926c-ec4bf4ea35f6?source=api-prod",43,{"id":89,"url_slug":90,"title":91,"description":92,"plugin_slug":4,"theme_slug":38,"affected_versions":93,"patched_in_version":94,"severity":41,"cvss_score":95,"cvss_vector":96,"vuln_type":97,"published_date":98,"updated_date":99,"references":100,"days_to_patch":102},"CVE-2024-25591","wp-editor-sensitive-information-exposure-via-log-file","WP Editor \u003C= 1.2.7 - Sensitive Information Exposure via log file","The WP Editor plugin for WordPress is vulnerable to Sensitive 
Information Exposure in all versions up to, and including, 1.2.7 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including configuration information.","\u003C=1.2.7","1.2.8",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Insertion of Sensitive Information into Log File","2024-02-12 00:00:00","2024-02-14 20:47:54",[101],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F66b1f539-9192-43f5-a77d-9763024e6b74?source=api-prod",3,{"id":104,"url_slug":105,"title":106,"description":107,"plugin_slug":4,"theme_slug":38,"affected_versions":108,"patched_in_version":109,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":110,"published_date":111,"updated_date":112,"references":113,"days_to_patch":115},"CVE-2021-24151","wp-editor-authenticated-admin-sql-injection","WP Editor \u003C= 1.2.6.3 - Authenticated (Admin+) SQL injection","The WP Editor plugin for WordPress is vulnerable to blind SQL Injection via the setting fields in versions up to, and including, 1.2.6.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for authenticated admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C=1.2.6.3","1.2.7","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2021-02-01 00:00:00","2024-01-22 19:56:02",[114],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8d5a1aec-11f5-4516-9454-651ca4cd6600?source=api-prod",1086,{"id":117,"url_slug":118,"title":119,"description":120,"plugin_slug":4,"theme_slug":38,"affected_versions":121,"patched_in_version":122,"severity":123,"cvss_score":124,"cvss_vector":125,"vuln_type":126,"published_date":127,"updated_date":112,"references":128,"days_to_patch":130},"CVE-2016-10886","wp-editor-incorrect-permission-assignment-or-protection","WP Editor \u003C 1.2.6 - Incorrect Permission Assignment or Protection","The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.","\u003C1.2.6","1.2.6","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Missing Authorization","2021-01-15 00:00:00",[129],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F72aa362f-927d-427f-8de9-f5119d53497e?source=api-prod",1103,{"id":132,"url_slug":133,"title":134,"description":135,"plugin_slug":4,"theme_slug":38,"affected_versions":136,"patched_in_version":137,"severity":41,"cvss_score":80,"cvss_vector":81,"vuln_type":82,"published_date":138,"updated_date":112,"references":139,"days_to_patch":141},"CVE-2016-10877","wp-editor-cross-site-scripting","WP Editor \u003C= 1.2.6.2 - Cross-Site Scripting","The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues.","\u003C1.2.6.3","1.2.6.3","2016-10-05 
00:00:00",[140],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe4e16526-89a5-4d49-ab9d-dcc7ad3bc8d0?source=api-prod",2666,{"id":143,"url_slug":144,"title":145,"description":146,"plugin_slug":4,"theme_slug":38,"affected_versions":121,"patched_in_version":122,"severity":54,"cvss_score":147,"cvss_vector":148,"vuln_type":149,"published_date":150,"updated_date":112,"references":151,"days_to_patch":153},"CVE-2016-10885","wp-editor-cross-site-request-forgery","WP Editor \u003C 1.2.6 - Cross-Site Request Forgery","The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.2.6. This is due to missing or incorrect nonce validation on the save_settings() function, in addition to a few other functions. This makes it possible for unauthenticated attackers to modify the plugin's settings and upload files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2016-05-13 00:00:00",[152],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faee4fb6f-8ee6-4d6e-8167-876c9453f78f?source=api-prod",2811,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":155,"trust_score":156,"computed_at":157},857,69,"2026-04-04T03:37:37.960Z",[159,182,204,222,243],{"slug":160,"name":161,"version":162,"author":163,"author_profile":164,"description":165,"short_description":166,"active_installs":167,"downloaded":168,"rating":169,"num_ratings":170,"last_updated":171,"tested_up_to":172,"requires_at_least":173,"requires_php":174,"tags":175,"homepage":178,"download_link":179,"security_score":14,"vuln_count":180,"unpatched_count":29,"last_vuln_date":181,"fetched_at":31},"wpide","WPIDE – File Manager & Code 
Editor","3.5.3","XplodedThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fxplodedthemes\u002F","\u003Cp>\u003Cstrong>WPIDE\u003C\u002Fstrong> is an Advanced \u003Cstrong>File Manager\u003C\u002Fstrong> and \u003Cstrong>Code Editor\u003C\u002Fstrong> plugin for WordPress that you can use completely for free.\u003C\u002Fp>\n\u003Cp>The Code Editor lets you edit any file within your wp-content folder, not just plugins and themes.\u003C\u002Fp>\n\u003Cp>The included \u003Cstrong>code completion\u003C\u002Fstrong> will help you remember your WordPress\u002FPHP commands providing function reference along the way. Edit multiple files with the tabbed editor.\u003C\u002Fp>\n\u003Cp>The File Manager lets you copy, move, duplicate, create archives, download, upload, edit, delete, preview files & directories \u003Cstrong>without FTP or cPanel access\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>WPIDE uses a \u003Cstrong>very modern, clean and easy to use interface\u003C\u002Fstrong> to make managing and editing your files a breeze! It comes with 6 different themes and a dark mode to reduce blue light exposure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you know?\u003C\u002Fstrong>\u003Cbr \u002F>\nMore than \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fblog\u002F2020\u002F09\u002Fmillions-of-sites-targeted-in-file-manager-vulnerability-attacks\u002F\" rel=\"nofollow ugc\">700,000 WordPress websites\u003C\u002Fa> were attacked during September 2020.\u003Cbr \u002F>\nMalicious bots are looking to exploit vulnerable versions of WP file manager plugins.\u003C\u002Fp>\n\u003Cp>Fortunately, WPIDE is built with \u003Cstrong>security in mind\u003C\u002Fstrong> and comes with this vulnerability \u003Cstrong>fixed\u003C\u002Fstrong>! So rest assured! 
WPIDE poses no risk to you!\u003C\u002Fp>\n\u003Ch3>▶️ VIDEO OVERVIEW\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FwF0PUz8wfRM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=wF0PUz8wfRM\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=wF0PUz8wfRM\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>⚡️ FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Advanced File Manager\u003C\u002Fli>\n\u003Cli>File Tree Browser\u003C\u002Fli>\n\u003Cli>Smart context menu\u003C\u002Fli>\n\u003Cli>Customizable Root Path\u003C\u002Fli>\n\u003Cli>Create new files and directories\u003C\u002Fli>\n\u003Cli>Download files \u002F folders (Batch support)\u003C\u002Fli>\n\u003Cli>Upload files \u002F folders using drag n drop (Batch support)\u003C\u002Fli>\n\u003Cli>Zip \u002F Unzip files and folders (Batch support)\u003C\u002Fli>\n\u003Cli>Deep search for files \u002F folders by keyword\u003C\u002Fli>\n\u003Cli>Calculate folder size\u003C\u002Fli>\n\u003Cli>Advanced File Editor\u003C\u002Fli>\n\u003Cli>Editor Line numbers\u003C\u002Fli>\n\u003Cli>Editor Find + Replace\u003C\u002Fli>\n\u003Cli>Editor Syntax highlighting\u003C\u002Fli>\n\u003Cli>Editor Highlight Matching Parentheses\u003C\u002Fli>\n\u003Cli>Editor Automatic Indentation + Code Folding\u003C\u002Fli>\n\u003Cli>Editor keyboard commands \u002F shortcuts\u003C\u002Fli>\n\u003Cli>Tabbed interface for editing multiple files\u003C\u002Fli>\n\u003Cli>WordPress and PHP code auto-completion\u003C\u002Fli>\n\u003Cli>PHP code parsing and 
validation\u003C\u002Fli>\n\u003Cli>PHP file backup before saving\u003C\u002Fli>\n\u003Cli>File Recovery Wizard\u003C\u002Fli>\n\u003Cli>Using WordPress filesystem API\u003C\u002Fli>\n\u003Cli>Beautiful Image Gallery\u003C\u002Fli>\n\u003Cli>Video \u002F Audio Media Player\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fwpide.com\" rel=\"nofollow ugc\">👉 \u003Cstrong>WPIDE PRO\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Ch3>⭐️ PRO FEATURES\u003C\u002Fh3>\n\u003Ch4>File Editor\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Auto Save\u003C\u002Fstrong> Feature: While editing, files will be auto saved every X seconds to a draft file. Original files are not affected. If you ever close the page by mistake without saving a file, you will be able to restore from the auto saved file.\u003C\u002Fli>\n\u003Cli>Auto Saved \u003Cstrong>Quick Diff\u003C\u002Fstrong>: You can view and compare differences between the auto saved and the current file using the Quick Diff Viewer, then decide if you wish to restore from the auto saved or keep the current file.\u003C\u002Fli>\n\u003Cli>Toggle \u003Cstrong>Full Screen\u003C\u002Fstrong>: This will allow you to toggle full screen the editor area by itself, giving you more space while editing on smaller screens.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>File Manager\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Advanced Mode Option: When enabled, all files and folders will be available for editing including \u003Cstrong>core WordPress files\u003C\u002Fstrong> and the \u003Cstrong>wp-config.php\u003C\u002Fstrong> file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Config Manager\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>View all defined constants within wp-config.php\u003C\u002Fli>\n\u003Cli>Add \u002F Update \u002F Remove constants\u003C\u002Fli>\n\u003Cli>Prevent Duplicated Constants\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Image Editor\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Resize \u002F Crop 
Images\u003C\u002Fli>\n\u003Cli>Apply filters\u003C\u002Fli>\n\u003Cli>Add Frames \u002F Corners\u003C\u002Fli>\n\u003Cli>Add Text \u002F Stickers\u003C\u002Fli>\n\u003Cli>Add Patterns \u002F Gradients\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Database Manager\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>View Tables\u003C\u002Fli>\n\u003Cli>Create New Tables\u003C\u002Fli>\n\u003Cli>Add \u002F Update \u002F Delete Rows\u003C\u002Fli>\n\u003Cli>Update Table Structure\u003C\u002Fli>\n\u003Cli>Update Column Indexes\u003C\u002Fli>\n\u003Cli>Safe Editing Enabled\u003C\u002Fli>\n\u003C\u002Ful>\n","WPIDE is a powerful file manager and code editor for WordPress with tabs, code completion, and full access to the entire wp-content folder.",40000,884997,96,287,"2025-10-24T13:24:00.000Z","6.7.5","5.0","7.4.0",[20,176,177,22,24],"file-editor","file-manager","https:\u002F\u002Fwpide.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpide.3.5.3.zip",4,"2024-10-14 10:52:09",{"slug":183,"name":184,"version":185,"author":186,"author_profile":187,"description":188,"short_description":189,"active_installs":190,"downloaded":191,"rating":192,"num_ratings":48,"last_updated":193,"tested_up_to":194,"requires_at_least":195,"requires_php":18,"tags":196,"homepage":201,"download_link":202,"security_score":203,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"disable-theme-and-plugin-editor","Disable Theme and Plugin Editor","1.1","Farzad Sotoode","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaster-farzad\u002F","\u003Cp>Disable Theme and Plugin Editors from WordPress Admin Panel for security reasons\u003C\u002Fp>\n\u003Cp>By default WordPress allows users to edit the theme and plugin codes through the admin panel.\u003Cbr \u002F>\nWhile it is a handy feature, it can be very dangerous as well. 
This simple plugin can end up locking you out of your site unless of course you have the FTP access.\u003Cbr \u002F>\nTo prevent clients from screwing up the site, it is best to disable the theme and plugin editors from the WordPress admin panel.\u003C\u002Fp>\n","Disable Theme and Plugin Editors from WordPress Admin Panel for security reasons",20,2606,100,"2014-02-03T21:24:00.000Z","3.7.41","2.8",[197,198,199,200],"disable-plugin-editing-in-wp","disable-plugin-editor","disable-theme-editing-in-wp","disable-theme-editor","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-theme-and-plugin-editor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-theme-and-plugin-editor.1.1.zip",85,{"slug":205,"name":206,"version":207,"author":208,"author_profile":209,"description":210,"short_description":211,"active_installs":212,"downloaded":213,"rating":29,"num_ratings":29,"last_updated":214,"tested_up_to":215,"requires_at_least":216,"requires_php":18,"tags":217,"homepage":219,"download_link":220,"security_score":203,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":221},"enable-theme-and-plugin-editor","Enable Theme and Plugin Editor (WPMU)","0.1","Sergey Biryukov","https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeybiryukov\u002F","\u003Cp>\u003Cstrong>WordPress Multisite (3.0+) already comes with theme and plugin editor enabled by default. 
This plugin is available for reference only.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Allows to enable theme and plugin editor for site administrator in WordPress MU.\u003Cbr \u002F>\nRequires Site Admin capabilities, not just blog administrator.\u003C\u002Fp>\n\u003Cp>Based on the \u003Ca href=\"http:\u002F\u002Fwww.clickonf5.org\u002Fwordpress-mu\u002Fenable-theme-plugin-editor-wordpress-mu\u002F5790\" rel=\"nofollow ugc\">non-plugin solution\u003C\u002Fa> by Sanjeev Mishra.\u003C\u002Fp>\n","Allows to enable theme and plugin editor for site administrator in WordPress MU.",10,5733,"2010-11-22T05:49:00.000Z","2.9.2","2.7",[22,24,218],"wpmu","http:\u002F\u002Fuplift.ru\u002Fprojects\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenable-theme-and-plugin-editor.0.1.zip","2026-03-15T14:54:45.397Z",{"slug":223,"name":224,"version":225,"author":226,"author_profile":227,"description":228,"short_description":229,"active_installs":230,"downloaded":231,"rating":232,"num_ratings":233,"last_updated":234,"tested_up_to":16,"requires_at_least":17,"requires_php":235,"tags":236,"homepage":241,"download_link":242,"security_score":192,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"so-css","SiteOrigin CSS","1.6.5","Greg - SiteOrigin","https:\u002F\u002Fprofiles.wordpress.org\u002Fgpriday\u002F","\u003Cp>SiteOrigin CSS is the intuitive and powerful CSS editor designed to empower your WordPress site customization. Enjoy a seamless editing experience with real-time visual controls, making it easy to tweak your site’s look and feel instantly. Whether you’re a beginner or an advanced developer, SiteOrigin CSS has you covered.\u003C\u002Fp>\n\u003Cp>For beginners, our user-friendly visual controls and live previews eliminate the guesswork from CSS editing. See your changes as you make them, ensuring your site looks exactly as you envision. 
For advanced users, we offer robust code autocompletion, speeding up your workflow and making CSS writing faster and more efficient than ever before. Take full control of your site’s design with SiteOrigin CSS and bring your creative vision to life.\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F129660380\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch4>Inspector\u003C\u002Fh4>\n\u003Cp>The hardest part of editing your site’s design using CSS is usually finding the correct selector to use. The powerful inspector that comes with SiteOrigin CSS makes this easy. While viewing a full preview of your site, just click on an element, and it’ll help you identify the best selector to use to target that element.\u003C\u002Fp>\n\u003Cp>The inspector will help you even if you have no idea what a CSS selector is.\u003C\u002Fp>\n\u003Ch4>Visual Editor\u003C\u002Fh4>\n\u003Cp>Don’t like playing around with code? No problem. SiteOrigin CSS has a set of simple controls that make it easy to choose colors, styles, and measurements. Combined with the inspector, you’ll be able to make changes in just a few clicks.\u003C\u002Fp>\n\u003Ch4>CSS Editor\u003C\u002Fh4>\n\u003Cp>SiteOrigin CSS has a powerful CSS editor, the likes of which you’d usually only expect from high-end IDEs. It has autocompletion for both CSS selectors and attributes. It also features very useful CSS linting to help you identify issues in your code before you publish your changes.\u003C\u002Fp>\n\u003Ch4>It’s Free\u003C\u002Fh4>\n\u003Cp>We’re committed to keeping SiteOrigin CSS free. You can install it on as many sites as you like without ever worrying about licensing. 
All future updates and upgrades will be free, and we even offer free support over on our friendly support forums.\u003C\u002Fp>\n\u003Ch4>Works With Any Theme\u003C\u002Fh4>\n\u003Cp>There’s an ever-growing collection of awesome WordPress themes, and now with SiteOrigin CSS, you can edit every single one of them to your heart’s content. No matter what theme you’re using, SiteOrigin CSS will work perfectly.\u003C\u002Fp>\n\u003Ch4>Actively Developed\u003C\u002Fh4>\n\u003Cp>We’re actively developing SiteOrigin CSS. Keep track of what’s happening over on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsiteorigin\u002Fso-css\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fcss\u002Fgetting-started\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> is available on SiteOrigin.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Free support is available on the \u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fthread\u002F\" rel=\"nofollow ugc\">SiteOrigin support forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>SiteOrigin Premium\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fdownloads\u002Fpremium\u002F\" rel=\"nofollow ugc\">SiteOrigin Premium\u003C\u002Fa> enhances SiteOrigin CSS with a Google Web Font Selector. Choose from hundreds of beautiful web fonts right in the visual editor.\u003C\u002Fp>\n\u003Cp>SiteOrigin Premium includes access to our professional email support service, perfect for those times when you need fast and effective technical support. We’re standing by to assist you in any way we can.\u003C\u002Fp>\n","Powerful, simple CSS editing for WordPress. 
Visual controls & real-time previews for effortless site customization.",100000,5885531,98,152,"2025-12-06T20:31:00.000Z","7.0.0",[237,238,24,239,240],"css-editor","live-editing","visual-css","website-styling","https:\u002F\u002Fsiteorigin.com\u002Fcss\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fso-css.1.6.5.zip",{"slug":24,"name":244,"version":245,"author":246,"author_profile":247,"description":248,"short_description":249,"active_installs":250,"downloaded":251,"rating":252,"num_ratings":253,"last_updated":254,"tested_up_to":255,"requires_at_least":256,"requires_php":257,"tags":258,"homepage":263,"download_link":264,"security_score":252,"vuln_count":265,"unpatched_count":29,"last_vuln_date":266,"fetched_at":31},"Theme Editor","3.1","mndpsingh287","https:\u002F\u002Fprofiles.wordpress.org\u002Fmndpsingh287\u002F","\u003Ch4>Theme Editor allows you to edit theme files, create folder, upload files and remove any file and folder in themes and plugins. You can easily customize you themes and plugins directly.\u003C\u002Fh4>\n\u003Cp>\u003Cem>\u003Ca href=\"https:\u002F\u002Fthemeeditor.pro\u002Fproduct\u002Ftheme-editor\u002F\" rel=\"nofollow ugc\">Upgrade to Pro Version\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Key Features in Theme Editor Plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Edit Theme and Plugin Files\u003C\u002Fli>\n\u003Cli>Code Editors – Supports PHP, HTML, CSS and JavaScript\u003C\u002Fli>\n\u003Cli>Fancy Box\u003C\u002Fli>\n\u003Cli>Code Mirror\u003C\u002Fli>\n\u003Cli>Create and remove folder in themes and plugins\u003C\u002Fli>\n\u003Cli>Create and remove files in themes and plugins\u003C\u002Fli>\n\u003Cli>upload and download files in themes and plugins\u003C\u002Fli>\n\u003Cli>Download whole theme and plugin.\u003C\u002Fli>\n\u003Cli>Create New Child Theme\u003C\u002Fli>\n\u003Cli>Duplicate Existing Child Theme\u003C\u002Fli>\n\u003Cli>Query \u002F Selector\u003C\u002Fli>\n\u003Cli>Move File from Parent Theme To Child 
Theme\u003C\u002Fli>\n\u003Cli>Upload New Images and Download Images\u003C\u002Fli>\n\u003Cli>Change and Upload New Screenshot of Selected Theme\u003C\u002Fli>\n\u003Cli>View All Images of Selected Theme\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Extended Features in Theme Editor Plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Users Permissions\u003C\u002Fli>\n\u003Cli>User Role Permissions\u003C\u002Fli>\n\u003Cli>Email Notifications to Admin\u003C\u002Fli>\n\u003Cli>Edit Theme Files\u003C\u002Fli>\n\u003Cli>Code Editors Supports PHP, HTML, CSS and JavaScript\u003C\u002Fli>\n\u003Cli>Fancy Box\u003C\u002Fli>\n\u003Cli>Code Mirror\u003C\u002Fli>\n\u003Cli>Create and remove folder in themes\u003C\u002Fli>\n\u003Cli>Create and remove files in themes\u003C\u002Fli>\n\u003Cli>Upload and download files in themes\u003C\u002Fli>\n\u003Cli>Download whole theme.\u003C\u002Fli>\n\u003Cli>Edit Plugin Files\u003C\u002Fli>\n\u003Cli>Create and remove folder in plugins\u003C\u002Fli>\n\u003Cli>Create and remove files in plugins\u003C\u002Fli>\n\u003Cli>Upload and download files in plugins\u003C\u002Fli>\n\u003Cli>Download whole plugin.\u003C\u002Fli>\n\u003Cli>Create New Child Theme\u003C\u002Fli>\n\u003Cli>Duplicate Existing Child Theme\u003C\u002Fli>\n\u003Cli>Query \u002F Selector\u003C\u002Fli>\n\u003Cli>Move File from Parent Theme To Child Theme\u003C\u002Fli>\n\u003Cli>Upload New Images and Download Images\u003C\u002Fli>\n\u003Cli>Change and Upload New Screenshot of Selected Themes\u003C\u002Fli>\n\u003Cli>View All Images of Selected Theme\u003C\u002Fli>\n\u003Cli>Preview Theme\u003C\u002Fli>\n\u003Cli>Child Theme Permission\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>\u003Ca href=\"https:\u002F\u002Fthemeeditor.pro\u002Fproduct\u002Ftheme-editor\u002F\" rel=\"nofollow ugc\">Upgrade to Pro Version\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>If any problem occurs, please contact us at 
http:\u002F\u002Fthemeeditor.pro\u002Fcontact\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Minimum requirements for Theme Editor\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 3.3+\u003C\u002Fli>\n\u003Cli>PHP 5.x\u003C\u002Fli>\n\u003Cli>MySQL 5.x\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If any problem occurs, please contact us at http:\u002F\u002Fthemeeditor.pro\u002Fcontact.\u003C\u002Fp>\n","Theme Editor allows you to edit theme files, create folder, upload files and remove any file and folder in themes and plugins.",50000,865494,92,126,"2025-10-16T11:21:00.000Z","6.8.5","3.4","5.2.4",[259,260,261,24,262],"editor","file","theme","wp","https:\u002F\u002Fthemeeditor.pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-editor.zip",5,"2025-10-17 19:39:27",{"attackSurface":268,"codeSignals":344,"taintFlows":469,"riskAssessment":638,"analyzedAt":652},{"hooks":269,"ajaxHandlers":324,"restRoutes":341,"shortcodes":342,"cronEvents":343,"entryPointCount":180,"unprotectedCount":180},[270,276,279,282,286,289,292,295,300,304,307,312,314,319,321],{"type":271,"name":272,"callback":273,"file":274,"line":275},"action","admin_init","register_default_stylesheet","classes\\WPEditor.php",179,{"type":271,"name":272,"callback":277,"file":274,"line":278},"register_default_script",181,{"type":271,"name":272,"callback":280,"file":274,"line":281},"register_settings",183,{"type":271,"name":283,"callback":284,"file":274,"line":285},"admin_menu","remove_default_editor_menus",186,{"type":271,"name":283,"callback":287,"file":274,"line":288},"build_admin_menu",188,{"type":271,"name":283,"callback":290,"file":274,"line":291},"add_plugins_page",191,{"type":271,"name":283,"callback":293,"file":274,"line":294},"add_themes_page",193,{"type":296,"name":297,"callback":298,"priority":28,"file":274,"line":299},"filter","plugin_action_links","replace_plugin_edit_links",208,{"type":296,"name":301,"callback":302,"file":274,"line":303},"the_editor","add_posts_jquery",210,{"type":296,"name":305,
"callback":302,"file":274,"line":306},"admin_footer",215,{"type":271,"name":308,"callback":309,"file":310,"line":311},"admin_print_styles","editor_stylesheet_and_scripts","classes\\WPEditorAdmin.php",33,{"type":271,"name":308,"callback":309,"file":310,"line":313},48,{"type":271,"name":315,"callback":316,"file":317,"line":318},"init","wpe_load_translations","wpeditor.php",73,{"type":271,"name":315,"callback":315,"file":317,"line":320},88,{"type":296,"name":297,"callback":322,"priority":212,"file":317,"line":323},"wpe_settings_link",91,[325,330,334,338],{"action":326,"nopriv":327,"callback":328,"hasNonce":327,"hasCapCheck":327,"file":274,"line":329},"save_wpeditor_settings",false,"save_settings",196,{"action":331,"nopriv":327,"callback":332,"hasNonce":327,"hasCapCheck":327,"file":274,"line":333},"save_files","save_file",199,{"action":335,"nopriv":327,"callback":336,"hasNonce":327,"hasCapCheck":327,"file":274,"line":337},"upload_files","upload_file",202,{"action":339,"nopriv":327,"callback":339,"hasNonce":327,"hasCapCheck":327,"file":274,"line":340},"ajax_folders",205,[],[],[],{"dangerousFunctions":345,"sqlUsage":353,"outputEscaping":356,"fileOperations":462,"externalRequests":29,"nonceChecks":463,"capabilityChecks":464,"bundledLibraries":465},[346,350],{"fn":347,"file":274,"line":348,"context":349},"unserialize",164,"$wpeditor_roles = unserialize( $wpeditor_roles );",{"fn":347,"file":310,"line":351,"context":352},6,"$page_roles = unserialize( $page_roles);",{"prepared":354,"raw":29,"locations":355},8,[],{"escaped":357,"rawEcho":358,"locations":359},82,51,[360,363,365,368,370,372,374,377,380,383,386,388,390,392,394,396,398,400,402,404,406,408,410,413,415,417,418,420,421,422,423,425,427,429,431,433,435,438,440,442,444,446,447,448,449,451,453,454,456,458,460],{"file":310,"line":361,"context":362},54,"raw 
output",{"file":310,"line":364,"context":362},59,{"file":366,"line":367,"context":362},"classes\\WPEditorAjax.php",47,{"file":366,"line":369,"context":362},74,{"file":366,"line":371,"context":362},175,{"file":366,"line":373,"context":362},223,{"file":375,"line":376,"context":362},"classes\\WPEditorBrowser.php",417,{"file":378,"line":379,"context":362},"classes\\WPEditorPlugins.php",94,{"file":381,"line":382,"context":362},"classes\\WPEditorThemes.php",139,{"file":384,"line":385,"context":362},"views\\OLDsettings.php",247,{"file":384,"line":387,"context":362},322,{"file":384,"line":389,"context":362},352,{"file":384,"line":391,"context":362},370,{"file":384,"line":393,"context":362},535,{"file":384,"line":395,"context":362},610,{"file":384,"line":397,"context":362},640,{"file":384,"line":399,"context":362},658,{"file":384,"line":401,"context":362},784,{"file":384,"line":403,"context":362},859,{"file":384,"line":405,"context":362},889,{"file":384,"line":407,"context":362},907,{"file":384,"line":409,"context":362},1004,{"file":411,"line":412,"context":362},"views\\plugin-editor.php",37,{"file":411,"line":414,"context":362},40,{"file":411,"line":416,"context":362},44,{"file":411,"line":367,"context":362},{"file":411,"line":419,"context":362},68,{"file":411,"line":419,"context":362},{"file":411,"line":419,"context":362},{"file":411,"line":320,"context":362},{"file":411,"line":424,"context":362},227,{"file":411,"line":426,"context":362},246,{"file":411,"line":428,"context":362},258,{"file":411,"line":430,"context":362},291,{"file":411,"line":432,"context":362},313,{"file":411,"line":434,"context":362},341,{"file":436,"line":437,"context":362},"views\\settings.php",52,{"file":436,"line":439,"context":362},76,{"file":441,"line":87,"context":362},"views\\theme-editor.php",{"file":441,"line":443,"context":362},46,{"file":441,"line":445,"context":362},62,{"file":441,"line":439,"context":362},{"file":441,"line":439,"context":362},{"file":441,"line":439,"context":362},{"file":44
1,"line":450,"context":362},97,{"file":441,"line":452,"context":362},228,{"file":441,"line":385,"context":362},{"file":441,"line":455,"context":362},259,{"file":441,"line":457,"context":362},292,{"file":441,"line":459,"context":362},314,{"file":441,"line":461,"context":362},342,28,14,16,[466],{"name":467,"version":38,"knownCves":468},"jQuery",[],[470,487,495,518,530,546,561,577,596,607,621],{"entryPoint":471,"graph":472,"unsanitizedCount":48,"severity":41},"log (classes\\WPEditorLog.php:4)",{"nodes":473,"edges":485},[474,479],{"id":475,"type":476,"label":477,"file":478,"line":354},"n0","source","$_SERVER","classes\\WPEditorLog.php",{"id":480,"type":481,"label":482,"file":478,"line":483,"wp_function":484},"n1","sink","file_put_contents() [File Write]",12,"file_put_contents",[486],{"from":475,"to":480,"sanitized":327},{"entryPoint":488,"graph":489,"unsanitizedCount":48,"severity":41},"\u003CWPEditorLog> (classes\\WPEditorLog.php:0)",{"nodes":490,"edges":493},[491,492],{"id":475,"type":476,"label":477,"file":478,"line":354},{"id":480,"type":481,"label":482,"file":478,"line":483,"wp_function":484},[494],{"from":475,"to":480,"sanitized":327},{"entryPoint":496,"graph":497,"unsanitizedCount":29,"severity":517},"save_file (classes\\WPEditorAjax.php:79)",{"nodes":498,"edges":513},[499,502,506,508],{"id":475,"type":476,"label":500,"file":366,"line":501},"$_POST",109,{"id":480,"type":481,"label":503,"file":366,"line":504,"wp_function":505},"file_get_contents() [SSRF\u002FLFI]",125,"file_get_contents",{"id":507,"type":476,"label":500,"file":366,"line":501},"n2",{"id":509,"type":481,"label":510,"file":366,"line":511,"wp_function":512},"n3","fopen() [File Access]",129,"fopen",[514,516],{"from":475,"to":480,"sanitized":515},true,{"from":507,"to":509,"sanitized":515},"low",{"entryPoint":519,"graph":520,"unsanitizedCount":29,"severity":517},"ajax_folders 
(classes\\WPEditorAjax.php:180)",{"nodes":521,"edges":528},[522,525],{"id":475,"type":476,"label":523,"file":366,"line":524},"$_REQUEST",206,{"id":480,"type":481,"label":526,"file":366,"line":373,"wp_function":527},"echo() [XSS]","echo",[529],{"from":475,"to":480,"sanitized":515},{"entryPoint":531,"graph":532,"unsanitizedCount":29,"severity":517},"\u003CWPEditorAjax> (classes\\WPEditorAjax.php:0)",{"nodes":533,"edges":542},[534,535,536,537,538,540],{"id":475,"type":476,"label":500,"file":366,"line":501},{"id":480,"type":481,"label":503,"file":366,"line":504,"wp_function":505},{"id":507,"type":476,"label":500,"file":366,"line":501},{"id":509,"type":481,"label":510,"file":366,"line":511,"wp_function":512},{"id":539,"type":476,"label":523,"file":366,"line":524},"n4",{"id":541,"type":481,"label":526,"file":366,"line":373,"wp_function":527},"n5",[543,544,545],{"from":475,"to":480,"sanitized":515},{"from":507,"to":509,"sanitized":515},{"from":539,"to":541,"sanitized":515},{"entryPoint":547,"graph":548,"unsanitizedCount":29,"severity":517},"add_plugins_page (classes\\WPEditorPlugins.php:4)",{"nodes":549,"edges":558},[550,553,555,556],{"id":475,"type":476,"label":551,"file":378,"line":552},"$_REQUEST (x2)",31,{"id":480,"type":481,"label":503,"file":378,"line":554,"wp_function":505},66,{"id":507,"type":476,"label":523,"file":378,"line":552},{"id":509,"type":481,"label":510,"file":378,"line":557,"wp_function":512},70,[559,560],{"from":475,"to":480,"sanitized":515},{"from":507,"to":509,"sanitized":515},{"entryPoint":562,"graph":563,"unsanitizedCount":29,"severity":517},"create_new_plugin (classes\\WPEditorPlugins.php:97)",{"nodes":564,"edges":574},[565,567,569,570],{"id":475,"type":476,"label":566,"file":378,"line":192},"$_POST (x2)",{"id":480,"type":481,"label":482,"file":378,"line":568,"wp_function":484},113,{"id":507,"type":476,"label":500,"file":378,"line":192},{"id":509,"type":481,"label":571,"file":378,"line":572,"wp_function":573},"wp_redirect() [Open 
Redirect]",114,"wp_redirect",[575,576],{"from":475,"to":480,"sanitized":515},{"from":507,"to":509,"sanitized":515},{"entryPoint":578,"graph":579,"unsanitizedCount":29,"severity":517},"\u003CWPEditorPlugins> (classes\\WPEditorPlugins.php:0)",{"nodes":580,"edges":591},[581,582,583,584,585,586,587,589],{"id":475,"type":476,"label":551,"file":378,"line":552},{"id":480,"type":481,"label":503,"file":378,"line":554,"wp_function":505},{"id":507,"type":476,"label":523,"file":378,"line":552},{"id":509,"type":481,"label":510,"file":378,"line":557,"wp_function":512},{"id":539,"type":476,"label":566,"file":378,"line":192},{"id":541,"type":481,"label":482,"file":378,"line":568,"wp_function":484},{"id":588,"type":476,"label":500,"file":378,"line":192},"n6",{"id":590,"type":481,"label":571,"file":378,"line":572,"wp_function":573},"n7",[592,593,594,595],{"from":475,"to":480,"sanitized":515},{"from":507,"to":509,"sanitized":515},{"from":539,"to":541,"sanitized":515},{"from":588,"to":590,"sanitized":515},{"entryPoint":597,"graph":598,"unsanitizedCount":29,"severity":517},"add_themes_page (classes\\WPEditorThemes.php:4)",{"nodes":599,"edges":604},[600,601,602,603],{"id":475,"type":476,"label":551,"file":381,"line":412},{"id":480,"type":481,"label":503,"file":381,"line":501,"wp_function":505},{"id":507,"type":476,"label":523,"file":381,"line":412},{"id":509,"type":481,"label":510,"file":381,"line":568,"wp_function":512},[605,606],{"from":475,"to":480,"sanitized":515},{"from":507,"to":509,"sanitized":515},{"entryPoint":608,"graph":609,"unsanitizedCount":29,"severity":517},"create_new_theme 
(classes\\WPEditorThemes.php:142)",{"nodes":610,"edges":618},[611,613,615,616],{"id":475,"type":476,"label":566,"file":381,"line":612},145,{"id":480,"type":481,"label":482,"file":381,"line":614,"wp_function":484},155,{"id":507,"type":476,"label":500,"file":381,"line":612},{"id":509,"type":481,"label":571,"file":381,"line":617,"wp_function":573},156,[619,620],{"from":475,"to":480,"sanitized":515},{"from":507,"to":509,"sanitized":515},{"entryPoint":622,"graph":623,"unsanitizedCount":29,"severity":517},"\u003CWPEditorThemes> (classes\\WPEditorThemes.php:0)",{"nodes":624,"edges":633},[625,626,627,628,629,630,631,632],{"id":475,"type":476,"label":551,"file":381,"line":412},{"id":480,"type":481,"label":503,"file":381,"line":501,"wp_function":505},{"id":507,"type":476,"label":523,"file":381,"line":412},{"id":509,"type":481,"label":510,"file":381,"line":568,"wp_function":512},{"id":539,"type":476,"label":566,"file":381,"line":612},{"id":541,"type":481,"label":482,"file":381,"line":614,"wp_function":484},{"id":588,"type":476,"label":500,"file":381,"line":612},{"id":590,"type":481,"label":571,"file":381,"line":617,"wp_function":573},[634,635,636,637],{"from":475,"to":480,"sanitized":515},{"from":507,"to":509,"sanitized":515},{"from":539,"to":541,"sanitized":515},{"from":588,"to":590,"sanitized":515},{"summary":639,"deductions":640},"The \"wp-editor\" plugin, version 1.2.9.3, presents a mixed security posture. While it demonstrates good practices such as 100% prepared SQL statements and a reasonable number of capability checks, significant concerns arise from its attack surface and past vulnerability history. The plugin exposes 4 AJAX handlers for which the scan found neither a nonce check nor a capability check (none is registered for unauthenticated \"nopriv\" access, so a logged-in session is still required), creating a substantial entry point for unauthorized actions. 
Furthermore, the presence of two \"unserialize\" calls, especially in conjunction with a history of \"Deserialization of Untrusted Data\" vulnerabilities, indicates a potential risk for attackers to exploit logic flaws or gain arbitrary code execution if they can influence the serialized data; the scan shows both calls operating on role variables but not where those values originate. The taint analysis shows two flows with unsanitized paths, which, while not rated as critical or high in this specific analysis, are concerning when combined with the lack of authorization on AJAX endpoints.",[641,643,646,648,650],{"reason":642,"points":190},"4 AJAX handlers without nonce or capability checks",{"reason":644,"points":645},"2 dangerous functions (unserialize)",15,{"reason":647,"points":212},"2 flows with unsanitized paths",{"reason":649,"points":351},"62% of output properly escaped (133 total)",{"reason":651,"points":645},"9 known CVEs with past critical\u002Fhigh severity","2026-03-16T17:26:19.365Z",{"wat":654,"direct":705},{"assetPaths":655,"generatorPatterns":679,"scriptPaths":680,"versionParams":681},[656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678],"\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Face\u002Face.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fapp.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fcodemirror.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u002Fjavascript.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u002Fphp.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u002Fsql.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u002Fxml.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u002Fcss.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u00
2Fhtmlmixed.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fedit\u002Fclosebrackets.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fedit\u002Fmatchbrackets.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fshow-hint.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fjavascript-hint.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fhtml-hint.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fcss-hint.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fany-hint.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fjs\u002Fjquery.jstree.js","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fcss\u002Fapp.css","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fcss\u002Fcodemirror.css","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fcss\u002Fcodemirror-theme-elegant.css","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fcss\u002Fcodemirror-theme-monokai.css","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fcss\u002Fcodemirror-theme-xq-light.css","\u002Fwp-content\u002Fplugins\u002Fwp-editor\u002Fassets\u002Fcss\u002Fcodemirror-theme-zenburn.css",[],[656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672],[682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704],"wp-editor\u002Fassets\u002Fjs\u002Face\u002Face.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fapp.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fcodemirror.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u002Fjavascript.js?ver=","wp-editor\u002Fassets\
u002Fjs\u002Fcodemirror\u002Fmode\u002Fphp.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u002Fsql.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u002Fxml.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u002Fcss.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Fmode\u002Fhtmlmixed.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fedit\u002Fclosebrackets.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fedit\u002Fmatchbrackets.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fshow-hint.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fjavascript-hint.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fhtml-hint.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fcss-hint.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fcodemirror\u002Faddon\u002Fhint\u002Fany-hint.js?ver=","wp-editor\u002Fassets\u002Fjs\u002Fjquery.jstree.js?ver=","wp-editor\u002Fassets\u002Fcss\u002Fapp.css?ver=","wp-editor\u002Fassets\u002Fcss\u002Fcodemirror.css?ver=","wp-editor\u002Fassets\u002Fcss\u002Fcodemirror-theme-elegant.css?ver=","wp-editor\u002Fassets\u002Fcss\u002Fcodemirror-theme-monokai.css?ver=","wp-editor\u002Fassets\u002Fcss\u002Fcodemirror-theme-xq-light.css?ver=","wp-editor\u002Fassets\u002Fcss\u002Fcodemirror-theme-zenburn.css?ver=",{"cssClasses":706,"htmlComments":712,"htmlAttributes":717,"restEndpoints":720,"jsGlobals":721,"shortcodeOutput":724},[707,708,709,710,711],"plugin-editor-container","plugin-editor-file-list","plugin-editor-content-wrapper","plugin-editor-controls","plugin-editor-save-button",[713,714,715,716],"\u003C!-- WPEditor: Plugin Editor -->","\u003C!-- Plugin File List -->","\u003C!-- Editor Area -->","\u003C!-- Controls -->",[718,719],"data-plugin-file","data-plugin-name",[],[722,723],"WPEditor","wpeditor_plugin_editor",[]]