I've just tried a wysiwyg editor FCKeditor for pico.
In 2.3.2, I can find a fatal vulnerability in php uploader at a glance.
(.php files can be uploaded)
Thus I've remade php uploader and connector almost full scratch for XOOPS.
You can try this.
pico 0.2 has a feature of editing contents via this FCKeditor on XOOPS.
p.s. I don't test xoops.org's FCKeditor under /class/xoopseditor/ because class directory should be DENY for httpd.
And I guess the same vulnerability of original exists in the xoops.org version.