Editor enhancement plugins operate directly on the boundary between content creation, rich-text formatting, block editor behavior, Classic Editor compatibility, and front-end rendering. These plugins influence how authors create content, how formatting is stored, how editor settings are applied, and how HTML produced by rich-text tools eventually appears on public pages. A weakness in this class of plugin can lead to stored XSS through editor content or settings, unauthorized configuration changes, unsafe handling of imported settings, editor privilege boundary failures, or rendering issues where user-controlled formatting reaches HTML, CSS, or attribute contexts. Advanced Editor Tools version 5.9.2, previously known as TinyMCE Advanced, has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64654, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for WordPress editor, TinyMCE, Classic Paragraph, toolbar customization, and rich-text formatting plugins.
| Name of plugin | Advanced Editor Tools |
| Version | 5.9.2 |
| Active installations | 2+ million |
| Description | Advanced Editor Tools, previously TinyMCE Advanced, extends the WordPress editing experience by adding a Classic Paragraph block, richer TinyMCE toolbar controls, formatting buttons, table tools, search and replace, font family and font size options, settings import/export, and compatibility features for users who need Classic Editor-style workflows inside modern WordPress. |
| Security | Successfully tested for: SQL Injection (SQLi); Cross-Site Scripting (XSS) – Stored & Reflected; Cross-Site Request Forgery (CSRF); Authentication Vulnerabilities; Authentication Bypass Exploits; Privilege Escalation; Buffer Overflow; Denial-of-Service (DoS) vectors; Data Leakage Vulnerabilities; Insecure Dependency Usage; Remote Code Execution (RCE) Risks; Unauthorized File Access; Insufficient Injection Protection; Information Disclosure via Misconfigured Endpoints |
| CleanTalk Certification | Proudly earned the “Plugin Security Certification” (PSC) from CleanTalk, indicating adherence to stringent security standards. |
| Additional Information | Use Advanced Editor Tools with confidence backed by the “Plugin Security Certification” (PSC). Always verify the latest plugin details and keep WordPress core, editor-related plugins, themes, and dependent components up to date. |
Key Features
Advanced Editor Tools extends the WordPress editing workflow by giving users more control over the rich-text editing experience in both the block editor and Classic Editor-compatible environments. The plugin introduces a Classic Paragraph block for Gutenberg, allows the Classic Paragraph or Classic block to be used as a default editing experience, supports converting many default blocks to classic paragraphs and back, and provides configurable TinyMCE toolbar rows with buttons for formatting, tables, font families, font sizes, text colors, background colors, lists, and search and replace. It also includes TinyMCE plugins that are enabled or disabled depending on selected toolbar buttons, options for keeping paragraph tags in text mode, advanced table settings, and import/export functionality for editor settings. These capabilities matter from a security perspective because they touch several sensitive content surfaces: editor configuration, toolbar settings, rich-text HTML generation, table and inline-style handling, block conversion, settings import/export, and content rendering across admin and front-end contexts.
Security Assurance
The CleanTalk Plugin Security Certification evaluation for editor enhancement plugins focuses on the risks created when configurable editing features generate HTML, styles, block content, or stored editor settings. In this class of software, common abuse patterns include attempts to inject unsafe markup through rich-text controls, store malicious formatting settings, abuse toolbar or TinyMCE configuration values, manipulate imported settings files, exploit weak capability checks around editor configuration, or trigger unauthorized changes through CSRF against administrators. Because editor plugins directly influence the content-authoring pipeline, the review validates that settings changes are protected by appropriate roles and capability checks, that state-changing operations use nonce validation, and that user-controlled editor configuration and rendered output are sanitized and escaped according to their final HTML, CSS, attribute, or JavaScript context. Particular attention is paid to stored XSS prevention, safe TinyMCE configuration, block and Classic Paragraph rendering, settings import/export safety, table and inline-style handling, and preventing editor convenience features from becoming injection, disclosure, or privilege boundary failures.
The plugin has been successfully tested for:
✅ Information Leakage Vulnerabilities
✅ SQL Injection Vulnerabilities
✅ Cross-Site Scripting (XSS) Attacks
✅ Cross-Site Request Forgery (CSRF) Attacks
✅ Authentication & Authentication Bypass Vulnerabilities
✅ Privilege Escalation Vulnerabilities
✅ Buffer Overflow Vulnerabilities
✅ Denial-of-Service (DoS) Vulnerabilities
✅ Data Leakage Vulnerabilities
✅ Insecure Dependencies
✅ Code Execution Vulnerabilities
✅ Unauthorized File Access Vulnerabilities
✅ Insufficient Injection Protection
Conclusion
With PSC-2026-64654, Advanced Editor Tools version 5.9.2 demonstrates a strong baseline security posture for the workflows that matter most in WordPress editor enhancement: managing TinyMCE toolbar controls, supporting Classic Paragraph editing, converting content between block and classic formats, handling table and formatting options, importing and exporting settings, and rendering rich-text content safely across editing and public-facing contexts. This certification helps site owners and development teams reduce risk when extending the WordPress editor with advanced formatting controls that influence how stored content is created and displayed. As a best practice, restrict who can manage editor settings, review imported configuration files before applying them, keep authoring permissions aligned with site policy, test editor behavior after WordPress updates, and keep WordPress core, Advanced Editor Tools, themes, and editor-related plugins up to date.
Note: The date and certification information may change over time. It is advisable to verify the latest details on the plugin developer’s website.
