[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fO7qf1Yls7uKq4Wym2viC_oSb0NP-R5lRt_FAx8565hk":3,"$fIMtADx3cFOnnvJvctaQbVA4c0_nWv3Zaw_rqhNM0IEU":327,"$fDxnGET5HutsFnPgXTZsNBbY4T_9vMR-i8AxTGKeggoY":331},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":48,"crawl_stats":36,"alternatives":52,"analysis":157,"fingerprints":306},"admin-note","Admin Notes","1.1","minhlaobao","https:\u002F\u002Fprofiles.wordpress.org\u002Fminhlaobao\u002F","\u003Cp>WordPress admin note.\u003Cbr \u002F>\nThanks you for using plugin.\u003C\u002Fp>\n\u003Cp>Welcome to my site: http:\u002F\u002Fbegood.vn\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fbegood.vn\" rel=\"nofollow ugc\">Vietsub\u003C\u002Fa>\u003C\u002Fp>\n","Create notes for admin, one can assign to certain members easily.",10,2879,86,4,"2014-01-23T09:52:00.000Z","3.4.2","3.0.1","",[4,20,21,22],"admin-note-add-user","admin-note-user","admin-notes","http:\u002F\u002Fchangeyourthinking.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-note.zip",63,1,"2025-06-05 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":36,"patch_diff_files":45,"patch_trac_url":36,"research_status":36,"research_verified":46,"research_rounds_completed":47,"research_plan":36,"research_summary":36,"research_vulnerable_code":36,"research_fix_diff":36,"research_exploit_outline":36,"research_model_used":36,"research_started_at":36,"research_completed_at":36,"research_error":36,"poc_status":36,"poc_video_id":36,"poc_summary":36,"poc_steps":36,"poc_tested_at":36,"poc_wp_version":36,"poc_php_version":36,"poc_playwright_script":36,"poc_exploit_code":36,"poc_has_trace":46,"poc_model_used":36,"poc_verification_depth":36},"CVE-2025-49446","admin-notes-cross-site-request-forgery","Admin Notes \u003C= 1.1 - Cross-Site Request Forgery","The Admin Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-06-11 14:57:51",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc7907277-ee09-4a4e-a65c-13f18be65473?source=api-prod",[],false,0,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},30,68,"2026-05-20T00:33:04.363Z",[53,77,102,122,140],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":18,"download_link":74,"security_score":75,"vuln_count":26,"unpatched_count":47,"last_vuln_date":76,"fetched_at":28},"wb-sticky-notes","Sticky Notes for WP Dashboard","1.2.6","Web Builder 143","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebbuilder143\u002F","\u003Cp>Need a simple way to stay organized inside your WordPress admin area? \u003Cstrong>Sticky Notes for WP Dashboard\u003C\u002Fstrong> lets you add customizable sticky notes right to your dashboard—just like the ones on your desk, but smarter.\u003C\u002Fp>\n\u003Cp>Use it to jot down reminders, create to-do lists, or leave quick notes for other users. Each note can be styled, resized, and moved around to fit the way you work. 
Whether you’re managing a personal site or running a team, Sticky Notes makes it easy to keep important information front and center.\u003C\u002Fp>\n\u003Ch3>Why you’ll love Sticky Notes for WP Dashboard:\u003C\u002Fh3>\n\u003Cp>– Create as many sticky notes as you need, anywhere in the admin dashboard\u003Cbr \u002F>\n– Change colors, fonts, and themes to match your style\u003Cbr \u002F>\n– Drag and drop notes to position them exactly where you want\u003Cbr \u002F>\n– Show or hide notes with one click\u003Cbr \u002F>\n– Duplicate, archive, and organize notes easily\u003Cbr \u002F>\n– Control who can access notes with user role restrictions\u003Cbr \u002F>\n– Option to hide notes on specific admin pages for a cleaner view\u003C\u002Fp>\n\u003Cp>With an intuitive interface and zero setup required, Sticky Notes for WP Dashboard is a must-have productivity tool for any WP site owner.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create sticky notes directly on your WP admin dashboard  \u003C\u002Fli>\n\u003Cli>Easy-to-use interface for quick note management  \u003C\u002Fli>\n\u003Cli>Customize notes with themes, colors, and fonts  \u003C\u002Fli>\n\u003Cli>Resizable and movable notes for better organization  \u003C\u002Fli>\n\u003Cli>Hide or show notes globally with one click  \u003C\u002Fli>\n\u003Cli>Duplicate notes with a single click  \u003C\u002Fli>\n\u003Cli>Archive notes for future reference  \u003C\u002Fli>\n\u003Cli>Disable sticky notes on specific admin pages  \u003C\u002Fli>\n\u003Cli>Limit note access by user roles\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Our Other Free Plugins\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwb-custom-product-tabs-for-woocommerce\u002F\" rel=\"ugc\">Custom Product Tabs for WooCommerce\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwb-mail-logger\u002F\" rel=\"ugc\">Mail Logger for 
WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Create sticky notes in your WP admin for reminders and to-dos. Restrict notes by user roles and disable them on specific pages.",1000,17184,100,6,"2026-03-26T17:19:00.000Z","7.0","3.5.0","5.6",[22,70,71,72,73],"dashboard-notes","notes","reminders","sticky-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwb-sticky-notes.1.2.6.zip",99,"2025-12-31 00:00:00",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":97,"download_link":98,"security_score":99,"vuln_count":100,"unpatched_count":47,"last_vuln_date":101,"fetched_at":28},"user-notes","User Notes","2.0.0","cartpauj","https:\u002F\u002Fprofiles.wordpress.org\u002Fcartpauj\u002F","\u003Cp>This plugin adds a text editor area to each User Profile in the dashboard for Administrators to keep private notes about each User. The notes are ONLY visible to Administrators — that’s the whole point! 
It also adds a column to the “All Users” list where you can quickly see the note for the user without having to even open their profile.\u003C\u002Fp>\n\u003Cp>It is especially handy for \u003Ca href=\"http:\u002F\u002Fwww.memberpress.com\u002F?aff=20\" title=\"Best membership plugin for WordPress\" rel=\"nofollow ugc\">Membership Sites\u003C\u002Fa> where you may have thousands of members to deal with and need to remember special circumstances for them.\u003C\u002Fp>\n","Keep private notes about each of your users that only Administrators can see.",900,15223,96,15,"2026-04-12T20:46:00.000Z","6.9.4","6.0",[22,93,94,95,96],"note","private-notes","secure-notes","user","https:\u002F\u002Fgithub.com\u002Fcartpauj\u002Fuser-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-notes.2.0.0.zip",98,2,"2025-09-26 00:00:00",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":14,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":119,"download_link":120,"security_score":121,"vuln_count":47,"unpatched_count":47,"last_vuln_date":36,"fetched_at":28},"simple-admin-notes","Simple Admin Notes","1.4.0","wycks","https:\u002F\u002Fprofiles.wordpress.org\u002Fwycks\u002F","\u003Cp>Like a built in notepad, leave notes for clients or yourself in the WordPress admin.  Attach notes to above or below the editor of a post (or page or custom post type) and also has a default “Notes” section available from the admin menu which you can hide or show.\u003C\u002Fp>\n\u003Cp>The style of the notes section has been updated with the changes in WordPress 3.8+. 
Please note that the UI will not look great on WordPress version lower then 3.8 and there are no plans to fix this.\u003C\u002Fp>\n\u003Cp>Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses WordPress’s built in custom post types\u003C\u002Fli>\n\u003Cli>Functions with default WYSIWYG editor\u003C\u002Fli>\n\u003Cli>Uses WordPress’s meta fields if set to display on post edit screens\u003C\u002Fli>\n\u003Cli>Shows “Notes” on one page in tab format (can be excluded)\u003C\u002Fli>\n\u003Cli>Will not show in front end or search\u003C\u002Fli>\n\u003Cli>Requires default post privileges\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Notes :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It is currently only possible to set one note per post and one location (above or below editor)\u003C\u002Fli>\n\u003Cli>Works with password protection in default section\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please report issues to:  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwycks\u002FSimple-Admin-Notes\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fwycks\u002FSimple-Admin-Notes\u003C\u002Fa>\u003C\u002Fp>\n","Adds a simple \"Notes\" section to the admin menu or posts",200,11688,66,"2013-12-30T16:31:00.000Z","3.7.41","3.5",[22,117,118,71],"client-notes","notepad","https:\u002F\u002Fgithub.com\u002Fwycks\u002FSimple-Admin-Notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-admin-notes.1.4.0.zip",85,{"slug":123,"name":124,"version":6,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":63,"downloaded":129,"rating":63,"num_ratings":130,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":18,"tags":134,"homepage":18,"download_link":139,"security_score":121,"vuln_count":47,"unpatched_count":47,"last_vuln_date":36,"fetched_at":28},"products-admin-notes-simple","Product Admin Notes Simple","jamiehall16","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamiehall16\u002F","\u003Cp>Simple plugin to add an admin 
notes field to products, nothing complicated just gets the job done!\u003C\u002Fp>\n","Simple plugin to add an admin notes field to products, nothing complicated just gets the job done!",3044,8,"2017-08-01T08:24:00.000Z","4.8.28","4.8",[22,135,136,137,138],"product-notes","products","products-notes","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproducts-admin-notes-simple.zip",{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":148,"downloaded":149,"rating":63,"num_ratings":26,"last_updated":150,"tested_up_to":151,"requires_at_least":152,"requires_php":66,"tags":153,"homepage":155,"download_link":156,"security_score":121,"vuln_count":47,"unpatched_count":47,"last_vuln_date":36,"fetched_at":28},"a-note-above-wp-dashboard-notes","A Note Above – WP Dashboard Notes","2.0.2","brownbrowniebrownerson","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrownbrowniebrownerson\u002F","\u003Cp>A Note Above allows you to save notes on your WP Admin Dashboard. After installing A Note Above a widget will be added to your Dashboard. Add as many notes as you would like. Share your notes by role or keep a note to yourself.\u003Cbr \u002F>\nEach note is collapsed. 
Simply click on the title of your note to reveal the notes contents.\u003C\u002Fp>\n","A WordPress Note taking system to live on your WP Admin dashboard.",50,2069,"2023-11-12T00:57:00.000Z","6.4.8","5.0",[22,70,71,78,154],"wp-notes","https:\u002F\u002Fjoshbrown-designs.com\u002Fa-note-above\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fa-note-above-wp-dashboard-notes.2.0.2.zip",{"attackSurface":158,"codeSignals":174,"taintFlows":239,"riskAssessment":290,"analyzedAt":305},{"hooks":159,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":47,"unprotectedCount":47},[160,166],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","admin_head","add_custom_style","adminnote.php",52,{"type":161,"name":167,"callback":168,"file":164,"line":169},"admin_menu","admin_note_menu",376,[],[],[],[],{"dangerousFunctions":175,"sqlUsage":176,"outputEscaping":198,"fileOperations":47,"externalRequests":47,"nonceChecks":47,"capabilityChecks":26,"bundledLibraries":238},[],{"prepared":47,"raw":130,"locations":177},[178,181,184,187,189,191,193,196],{"file":164,"line":179,"context":180},57,"$wpdb->get_row() with variable interpolation",{"file":164,"line":182,"context":183},84,"$wpdb->get_var() with variable interpolation",{"file":164,"line":185,"context":186},150,"$wpdb->get_results() with variable interpolation",{"file":164,"line":188,"context":186},227,{"file":164,"line":190,"context":180},298,{"file":164,"line":192,"context":186},299,{"file":194,"line":195,"context":186},"adminnoteajax.php",14,{"file":194,"line":197,"context":180},35,{"escaped":47,"rawEcho":199,"locations":200},20,[201,204,206,208,210,212,214,215,217,219,221,223,225,227,228,230,232,233,235,236],{"file":164,"line":202,"context":203},48,"raw 
output",{"file":164,"line":205,"context":203},49,{"file":164,"line":207,"context":203},173,{"file":164,"line":209,"context":203},179,{"file":164,"line":211,"context":203},180,{"file":164,"line":213,"context":203},181,{"file":164,"line":213,"context":203},{"file":164,"line":216,"context":203},182,{"file":164,"line":218,"context":203},183,{"file":164,"line":220,"context":203},184,{"file":164,"line":222,"context":203},195,{"file":164,"line":224,"context":203},202,{"file":164,"line":226,"context":203},273,{"file":164,"line":226,"context":203},{"file":164,"line":229,"context":203},337,{"file":164,"line":231,"context":203},347,{"file":164,"line":231,"context":203},{"file":164,"line":234,"context":203},351,{"file":164,"line":234,"context":203},{"file":194,"line":237,"context":203},29,[],[240,267,278],{"entryPoint":241,"graph":242,"unsanitizedCount":47,"severity":266},"admin_note_menu_callback (adminnote.php:61)",{"nodes":243,"edges":262},[244,249,254,258],{"id":245,"type":246,"label":247,"file":164,"line":248},"n0","source","$_GET (x2)",89,{"id":250,"type":251,"label":252,"file":164,"line":222,"wp_function":253},"n1","sink","echo() [XSS]","echo",{"id":255,"type":246,"label":256,"file":164,"line":257},"n2","$_GET",296,{"id":259,"type":251,"label":260,"file":164,"line":190,"wp_function":261},"n3","get_row() [SQLi]","get_row",[263,265],{"from":245,"to":250,"sanitized":264},true,{"from":255,"to":259,"sanitized":264},"low",{"entryPoint":268,"graph":269,"unsanitizedCount":47,"severity":266},"\u003Cadminnote> 
(adminnote.php:0)",{"nodes":270,"edges":275},[271,272,273,274],{"id":245,"type":246,"label":247,"file":164,"line":248},{"id":250,"type":251,"label":252,"file":164,"line":222,"wp_function":253},{"id":255,"type":246,"label":256,"file":164,"line":257},{"id":259,"type":251,"label":260,"file":164,"line":190,"wp_function":261},[276,277],{"from":245,"to":250,"sanitized":264},{"from":255,"to":259,"sanitized":264},{"entryPoint":279,"graph":280,"unsanitizedCount":26,"severity":289},"\u003Cadminnoteajax> (adminnoteajax.php:0)",{"nodes":281,"edges":287},[282,284],{"id":245,"type":246,"label":283,"file":194,"line":195},"$_POST['s']",{"id":250,"type":251,"label":285,"file":194,"line":195,"wp_function":286},"get_results() [SQLi]","get_results",[288],{"from":245,"to":250,"sanitized":46},"high",{"summary":291,"deductions":292},"The 'admin-note' plugin v1.1 exhibits a mixed security posture. The static analysis found no registered AJAX handlers, REST API routes, shortcodes, or cron events, so the hook-based attack surface is minimal; the significant concerns come from the code's internal practices. None of the SQL queries use prepared statements and none of the output is escaped, which presents a substantial risk. The taint analysis adds one high-severity flow with an unsanitized path, in which $_POST['s'] reaches a get_results() call in adminnoteajax.php, suggesting potential for SQL injection. Because that file is not registered as an AJAX handler, the attack-surface counts above do not say whether it can be requested directly; this should be checked before the attack surface is treated as minimal.\n\nThe plugin's vulnerability history consists of one known medium-severity CVE, which is concerning because it is recent and remains unpatched. This indicates a pattern of security oversights and a lack of prompt remediation. While the plugin does implement one capability check, it performs no nonce checks on any entry point (though none are explicitly listed as unprotected), which is consistent with the Cross-Site Request Forgery issue recorded as CVE-2025-49446. The missing nonces and the widespread use of raw SQL are critical weaknesses that overshadow the minimal attack surface.  
Users should exercise extreme caution, as the internal code quality and unaddressed past vulnerabilities suggest a high likelihood of future security issues.",[293,295,298,301,303],{"reason":294,"points":199},"All SQL queries use raw statements",{"reason":296,"points":297},"No output escaping",16,{"reason":299,"points":300},"High severity unsanitized taint flow",12,{"reason":302,"points":88},"One unpatched medium CVE",{"reason":304,"points":11},"No nonce checks","2026-03-16T23:05:44.775Z",{"wat":307,"direct":316},{"assetPaths":308,"generatorPatterns":311,"scriptPaths":312,"versionParams":313},[309,310],"\u002Fwp-content\u002Fplugins\u002Fadminnote\u002Fnote.css","\u002Fwp-content\u002Fplugins\u002Fadminnote\u002Fjquery.validate.min.js",[],[310],[314,315],"adminnote\u002Fnote.css?ver=","adminnote\u002Fjquery.validate.min.js?ver=",{"cssClasses":317,"htmlComments":320,"htmlAttributes":321,"restEndpoints":323,"jsGlobals":324,"shortcodeOutput":326},[318,93,319],"pagination","note_loading",[],[322],"data-note_id",[],[325],"jQuery",[],{"error":264,"url":328,"statusCode":329,"statusMessage":330,"message":330},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fadmin-note\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":47,"versions":332},[]]