WP Super Edit Security & Risk Analysis

wordpress.org/plugins/wp-super-edit

Get control of the WordPress wysiwyg visual editor and add some functionality with more buttons and custom TinyMCE plugins.

2K active installs · v2.5.4 · PHP + WP 4.2+ · Updated Mar 7, 2020
Tags: admin, editor, formatting, tinymce, wysiwyg
Score: 63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jul 9, 2025
Safety Verdict

Is WP Super Edit Safe to Use in 2026?

Use With Caution

Score 63/100

WP Super Edit has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jul 9, 2025 · Updated 6yr ago
Risk Assessment

The wp-super-edit plugin exhibits a mixed security posture. On one hand, it demonstrates strong adherence to secure coding practices by predominantly using prepared statements for SQL queries and implementing capability checks. The absence of a large attack surface through AJAX, REST API, shortcodes, and cron events is also a positive indicator. However, significant concerns arise from the taint analysis, which reveals three flows with unsanitized paths, all flagged as high severity. This suggests potential vulnerabilities where user input is not properly handled, which could lead to security breaches if exploited.

The vulnerability history is a notable weakness. The presence of one unpatched medium-severity CVE, specifically a 'Cross-site Scripting' vulnerability, is a direct threat. The fact that this vulnerability is recent (last updated in July 2025) and remains unpatched indicates a lack of timely security maintenance by the developers, which is a serious red flag. While the plugin has strengths in its general coding practices and limited entry points, the combination of high-severity taint flows and an unpatched XSS vulnerability presents a tangible risk that should not be overlooked.

Key Concerns

  • Unpatched CVE (Medium severity XSS)
  • High severity taint flows (3)
  • Output escaping not used
Vulnerabilities
1

WP Super Edit Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-49948 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Super Edit <= 2.5.4 - Reflected Cross-Site Scripting

Jul 9, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

WP Super Edit Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (42 prepared)
Unescaped Output: 1 (0 escaped)
Nonce Checks: 1
Capability Checks: 7
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

98% prepared · 43 total queries

Output Escaping

0% escaped · 1 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
do_options (wp-super-edit.admin.class.php:72)
Attack Surface

WP Super Edit Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8
action admin_footer (wp-super-edit-admin.php:82)
filter tiny_mce_before_init (wp-super-edit-defaults.php:76)
action admin_menu (wp-super-edit.php:102)
action admin_init (wp-super-edit.php:103)
filter mce_external_plugins (wp-super-edit.php:104)
filter mce_external_languages (wp-super-edit.php:105)
filter tiny_mce_before_init (wp-super-edit.php:106)
action plugins_loaded (wp-super-edit.php:110)
Maintenance & Trust

WP Super Edit Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.0
Last updated: Mar 7, 2020
PHP min version
Downloads: 366K

Community Trust

Rating: 74/100
Number of ratings: 18
Active installs: 2K
Developer Profile

WP Super Edit Developer Profile

Ahmad Awais

6 plugins · 2K total installs

Trust score: 80
Avg Security Score: 80/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Super Edit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-super-edit/wp-super-edit.core.class.php
/wp-content/plugins/wp-super-edit/wp-super-edit.admin.class.php
/wp-content/plugins/wp-super-edit/wp-super-edit-admin.php
/wp-content/plugins/wp-super-edit/languages
/wp-content/plugins/wp-super-edit/wp-super-edit-defaults.php
/wp-content/plugins/wp-super-edit/tinymce_plugins/
Script Paths
/wp-content/plugins/wp-super-edit/tinymce_plugins/
Version Parameters
wp-super-edit/wp-super-edit.core.class.php?ver=
wp-super-edit/wp-super-edit.admin.class.php?ver=
wp-super-edit/wp-super-edit-admin.php?ver=
wp-super-edit/wp-super-edit-defaults.php?ver=
wp-super-edit/tinymce_plugins/

HTML / DOM Fingerprints

HTML Comments
<!-- ISSUE:: Find out what TinyMCE is spewing -->
<!-- ISSUE: plugin files are now plugin.js -->
<!-- ISSUE: Not sure how I'll get his to work. External Plugin URLS and Paths need to be built. -->
<!-- ISSUE: External files are really sensitive since TinyMCE loads them in JS. SSL definitely fails here. -->
(+2 more)
FAQ

Frequently Asked Questions about WP Super Edit