WYSIWYG Editing Security & Risk Analysis

wordpress.org/plugins/wysiwyg

This plugin activates WYSIWYG (what you see is what you get) editing for different fields in WordPress. It is based on the widgEditor (http://www.themaninblue.com/experiment/widgEditor/).

80 active installs · v1.0 · PHP + · WP + · Updated Mar 24, 2005
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WYSIWYG Editing Safe to Use in 2026?

Generally Safe

Score 85/100

WYSIWYG Editing has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 21yr ago
Risk Assessment

The static analysis of the "wysiwyg" v1.0 plugin reveals an extremely limited attack surface. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, meaning there are no apparent direct entry points for external interaction. Furthermore, the code signals indicate a strong adherence to secure coding practices, with no dangerous functions, no SQL queries (and therefore no unescaped SQL), and all output properly escaped. The absence of file operations and external HTTP requests further reduces potential risks.

The taint analysis also shows no flows, which, in conjunction with the lack of entry points and the absence of vulnerabilities in its history, suggests that this plugin, in its current state, has not exposed any exploitable code paths. The vulnerability history is completely clean, with no recorded CVEs of any severity. This suggests either a lack of historical scrutiny or a genuinely well-developed and secure plugin.

However, the lack of any security checks such as nonce or capability checks, while not directly exploitable due to the absence of entry points, does represent a potential weakness. If future versions introduce any entry points without implementing these checks, it could lead to vulnerabilities. The overall security posture is excellent in terms of current code and history, but the complete absence of standard security controls for potential future expansion is a minor concern.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

WYSIWYG Editing Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WYSIWYG Editing Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0
Attack Surface

WYSIWYG Editing Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 2
  • filter · content_save_pre · wysiwyg.php:1952
  • action · admin_head · wysiwyg.php:1954
Maintenance & Trust

WYSIWYG Editing Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Mar 24, 2005
PHP min version
Downloads: 23K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 80
Alternatives

WYSIWYG Editing Alternatives

No alternatives data available yet.

Developer Profile

WYSIWYG Editing Developer Profile

Automattic

393 plugins · 20.8M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 1192 days
Detection Fingerprints

How We Detect WYSIWYG Editing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wysiwyg/wysiwyg-images/widgeditor_button_shadow.gif
/wp-content/plugins/wysiwyg/wysiwyg-images/widgeditor_button_bold.gif
/wp-content/plugins/wysiwyg/wysiwyg-images/widgeditor_button_html.gif
/wp-content/plugins/wysiwyg/wysiwyg-images/widgeditor_button_image.gif
/wp-content/plugins/wysiwyg/wysiwyg-images/widgeditor_button_italic.gif
/wp-content/plugins/wysiwyg/wysiwyg-images/widgeditor_button_link.gif
/wp-content/plugins/wysiwyg/wysiwyg-images/widgeditor_button_ordered.gif
/wp-content/plugins/wysiwyg/wysiwyg-images/widgeditor_button_unordered.gif
+2 more
Script Paths
/wp-content/plugins/wysiwyg/wysiwyg.php?file=widgEditor.js
Version Parameters
wysiwyg/wysiwyg.php?file=widgContent.css?ver=
wysiwyg/wysiwyg.php?file=widgEditor.css?ver=
wysiwyg/wysiwyg.php?file=widgEditor.js?ver=

HTML / DOM Fingerprints

CSS Classes
widgContainer
widgToolbar
widgEditButton
widgEditSelect
widgIframe
widgEditor
widgToolbar a
widgToolbar a:hover
+19 more
HTML Comments
/* HTML TAGS */
/* OBJECTS */
/* CLASSES */
/******************************************************************************
** STRUCTURE OF DYNAMICALLY CREATED ELEMENTS
*******************************************************************************
**
** <div id="ORIGINAL_IDWidgContainer" class="widgContainer">
**   <ul id="ORIGINAL_IDWidgToolbar" class="widgToolbar">
**     <li id="BUTTON_ID" class="widgEditButton">
**       <a></a>
**     </li>
**     <li class="widgEditSelect">
**       <select>
**       </select>
**     </li>
**   </ul>
**   <iframe id="ORIGINAL_IDWidgIframe" class="widgIframe">
**   </iframe>
**   <textarea id="ORIGINAL_IDWidgTextarea" class="widgEditor">
**   </textarea>
** </div>
*/
+94 more
Data Attributes
id="ORIGINAL_IDWidgContainer"
class="widgContainer"
id="ORIGINAL_IDWidgToolbar"
class="widgToolbar"
id="BUTTON_ID"
class="widgEditButton"
+5 more
JS Globals
widgStylesheet
widgToolbarItems
widgSelectBlockOptions
FAQ

Frequently Asked Questions about WYSIWYG Editing