[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUitEySnnU8as1fPNHs3LVUgeQxxUUenwHUVNS4qW9pU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":53,"analysis":157,"fingerprints":219},"adminpad","AdminPad","2.6","Iftekhar Bhuiyan","https:\u002F\u002Fprofiles.wordpress.org\u002Fiftekharbhuiyan\u002F","\u003Cp>AdminPad allows WP site admin (only) to write down simple note from WP dashboard using simple widget. Deleting this plugin will also delete data saved by this plugin on your database.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Light weight plugin.\u003Cbr \u002F>\n* Simple user interface.\u003C\u002Fp>\n","AdminPad is a simple note taker for site administrator only.",900,19097,100,6,"2025-12-09T21:22:00.000Z","6.9.4","5.0","8.0",[20,21,22,23,24],"admin-note","note-taker","notepad","simple-note","site-administrator","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadminpad\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadminpad.2.6.zip",99,1,0,"2022-09-29 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2022-2762","adminpad-cross-site-request-forgery","AdminPad \u003C= 2.1 - Cross-Site Request Forgery","The AdminPad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. 
This is due to missing or incorrect nonce validation on the bsft_adminpad_form() function. This makes it possible for unauthenticated attackers to update the plugin's adminpad content via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=2.1","2.2","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe9d545fc-fed0-428a-bad5-a0d7d09c04a7?source=api-prod",481,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":51,"computed_at":52},"iftekharbhuiyan",78,"2026-04-04T11:19:17.291Z",[54,77,93,117,134],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":76,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"simple-admin-notes","Simple Admin Notes","1.4.0","wycks","https:\u002F\u002Fprofiles.wordpress.org\u002Fwycks\u002F","\u003Cp>Like a built in notepad, leave notes for clients or yourself in the WordPress admin.  Attach notes to above or below the editor of a post (or page or custom post type) and also has a default “Notes” section available from the admin menu which you can hide or show.\u003C\u002Fp>\n\u003Cp>The style of the notes section has been updated with the changes in WordPress 3.8+. 
Please note that the UI will not look great on WordPress versions lower than 3.8 and there are no plans to fix this.\u003C\u002Fp>\n\u003Cp>Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uses WordPress’s built in custom post types\u003C\u002Fli>\n\u003Cli>Functions with default WYSIWYG editor\u003C\u002Fli>\n\u003Cli>Uses WordPress’s meta fields if set to display on post edit screens\u003C\u002Fli>\n\u003Cli>Shows “Notes” on one page in tab format (can be excluded)\u003C\u002Fli>\n\u003Cli>Will not show in front end or search\u003C\u002Fli>\n\u003Cli>Requires default post privileges\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Notes :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It is currently only possible to set one note per post and one location (above or below editor)\u003C\u002Fli>\n\u003Cli>Works with password protection in default section\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please report issues to:  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwycks\u002FSimple-Admin-Notes\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fwycks\u002FSimple-Admin-Notes\u003C\u002Fa>\u003C\u002Fp>\n","Adds a simple \"Notes\" section to the admin menu or posts",200,11588,66,4,"2013-12-30T16:31:00.000Z","3.7.41","3.5","",[71,72,22,73],"admin-notes","client-notes","notes","https:\u002F\u002Fgithub.com\u002Fwycks\u002FSimple-Admin-Notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-admin-notes.1.4.0.zip",85,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":29,"downloaded":85,"rating":29,"num_ratings":29,"last_updated":86,"tested_up_to":16,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":69,"download_link":92,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"notetaker-sidebar-notes","Notetaker – Sidebar Notes","1.0","samiur6688","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamiur6688\u002F","\u003Cp>\u003Cstrong>Notetaker – 
Sidebar Notes\u003C\u002Fstrong> is a lightweight WordPress plugin that allows you to create and manage notes directly from the WordPress admin dashboard sidebar. It provides a simple and distraction-free way to keep track of reminders, tasks, or important information while working in the admin area.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Dashboard Sidebar Integration:\u003C\u002Fstrong> Adds a top-level admin menu with submenus for editing and viewing notes.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Single-Page Note Management:\u003C\u002Fstrong> Notes can be edited and viewed from dedicated pages without clutter.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Basic Text Formatting:\u003C\u002Fstrong> Supports safe HTML tags such as \u003Ccode>\u003Cb>\u003C\u002Fcode>, \u003Ccode>\u003Cstrong>\u003C\u002Fcode>, \u003Ccode>\u003Ci>\u003C\u002Fcode>, \u003Ccode>\u003Cem>\u003C\u002Fcode>, headings, lists, paragraphs, line breaks, and horizontal rules with proper sanitization.  
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Resizable Text Area:\u003C\u002Fstrong> Includes a tall editor by default with vertical drag-resize support for convenience.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add and manage notes directly from your WordPress dashboard sidebar with a simple and user-friendly interface.",115,"2025-12-28T15:46:00.000Z","5.6","7.2",[71,90,22,73,91],"dashboard","sidebar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnotetaker-sidebar-notes.1.0.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":69,"tags":108,"homepage":112,"download_link":113,"security_score":114,"vuln_count":115,"unpatched_count":29,"last_vuln_date":116,"fetched_at":31},"wp-dashboard-notes","WP Dashboard Notes","1.0.13","Jeroen Sormani","https:\u002F\u002Fprofiles.wordpress.org\u002Fsormano\u002F","\u003Cp>Working with multiple persons on a website? Want to make notes? You can do just that with WP Dashboard Notes. Create beautiful notes with a nice user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Colored notes\u003C\u002Fli>\n\u003Cli>List notes or regular notes\u003C\u002Fli>\n\u003Cli>Public or private notes\u003C\u002Fli>\n\u003Cli>Edit on dashboard\u003C\u002Fli>\n\u003Cli>Add as many notes as you like\u003C\u002Fli>\n\u003Cli>Drag & drop list items\u003C\u002Fli>\n\u003Cli>No save button needed!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Feature requests, ratings and donations are welcome and appreciated!\u003C\u002Fstrong>\u003C\u002Fp>\n","Working with multiple persons on a website? Want to make notes? You can do just that with WP Dashboard Notes. 
Create beautiful notes with a nice user  &hellip;",20000,248966,92,109,"2024-08-27T08:39:00.000Z","6.4.8","4.0",[20,109,110,73,111],"dashboard-notes","note","wordpress-notes","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-dashboard-notes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.13.zip",90,3,"2024-08-09 00:00:00",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":13,"num_ratings":14,"last_updated":127,"tested_up_to":16,"requires_at_least":128,"requires_php":87,"tags":129,"homepage":69,"download_link":132,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":133,"fetched_at":31},"wb-sticky-notes","Sticky Notes for WP Dashboard","1.2.5","Web Builder 143","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebbuilder143\u002F","\u003Cp>Need a simple way to stay organized inside your WordPress admin area? \u003Cstrong>Sticky Notes for WP Dashboard\u003C\u002Fstrong> lets you add customizable sticky notes right to your dashboard—just like the ones on your desk, but smarter.\u003C\u002Fp>\n\u003Cp>Use it to jot down reminders, create to-do lists, or leave quick notes for other users. Each note can be styled, resized, and moved around to fit the way you work. 
Whether you’re managing a personal site or running a team, Sticky Notes makes it easy to keep important information front and center.\u003C\u002Fp>\n\u003Ch3>Why you’ll love Sticky Notes for WP Dashboard:\u003C\u002Fh3>\n\u003Cp>– Create as many sticky notes as you need, anywhere in the admin dashboard\u003Cbr \u002F>\n– Change colors, fonts, and themes to match your style\u003Cbr \u002F>\n– Drag and drop notes to position them exactly where you want\u003Cbr \u002F>\n– Show or hide notes with one click\u003Cbr \u002F>\n– Duplicate, archive, and organize notes easily\u003Cbr \u002F>\n– Control who can access notes with user role restrictions\u003Cbr \u002F>\n– Option to hide notes on specific admin pages for a cleaner view\u003C\u002Fp>\n\u003Cp>With an intuitive interface and zero setup required, Sticky Notes for WP Dashboard is a must-have productivity tool for any WP site owner.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create sticky notes directly on your WP admin dashboard  \u003C\u002Fli>\n\u003Cli>Easy-to-use interface for quick note management  \u003C\u002Fli>\n\u003Cli>Customize notes with themes, colors, and fonts  \u003C\u002Fli>\n\u003Cli>Resizable and movable notes for better organization  \u003C\u002Fli>\n\u003Cli>Hide or show notes globally with one click  \u003C\u002Fli>\n\u003Cli>Duplicate notes with a single click  \u003C\u002Fli>\n\u003Cli>Archive notes for future reference  \u003C\u002Fli>\n\u003Cli>Disable sticky notes on specific admin pages  \u003C\u002Fli>\n\u003Cli>Limit note access by user roles\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Our Other Free Plugins\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwb-custom-product-tabs-for-woocommerce\u002F\" rel=\"ugc\">Custom Product Tabs for WooCommerce\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwb-mail-logger\u002F\" rel=\"ugc\">WB Mail 
Logger\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Create sticky notes in your WP admin for reminders and to-dos. Restrict notes by user roles and disable them on specific pages.",1000,16123,"2026-01-19T15:14:00.000Z","3.5.0",[71,109,73,130,131],"reminders","sticky-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwb-sticky-notes.1.2.5.zip","2025-12-31 00:00:00",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":11,"downloaded":142,"rating":143,"num_ratings":144,"last_updated":145,"tested_up_to":146,"requires_at_least":147,"requires_php":69,"tags":148,"homepage":152,"download_link":153,"security_score":154,"vuln_count":155,"unpatched_count":29,"last_vuln_date":156,"fetched_at":31},"user-notes","User Notes","1.0.4","cartpauj","https:\u002F\u002Fprofiles.wordpress.org\u002Fcartpauj\u002F","\u003Cp>This plugin adds a text editor area to each User Profile in the dashboard for Administrators to keep private notes about each User. The notes are ONLY visible to Administrators — that’s the whole point! 
It also adds a column to the “All Users” list where you can quickly see the note for the user without having to even open their profile.\u003C\u002Fp>\n\u003Cp>It is especially handy for \u003Ca href=\"http:\u002F\u002Fwww.memberpress.com\u002F?aff=20\" title=\"Best membership plugin for WordPress\" rel=\"nofollow ugc\">Membership Sites\u003C\u002Fa> where you may have thousands of members to deal with and need to remember special circumstances for them.\u003C\u002Fp>\n","Keep private notes about each of your users that only Administrators can see.",14556,96,15,"2025-11-28T17:01:00.000Z","6.8.5","6.0",[71,110,149,150,151],"private-notes","secure-notes","user","http:\u002F\u002Fcartpauj.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-notes.1.0.4.zip",98,2,"2025-09-26 00:00:00",{"attackSurface":158,"codeSignals":170,"taintFlows":182,"riskAssessment":210,"analyzedAt":218},{"hooks":159,"ajaxHandlers":166,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":29,"unprotectedCount":29},[160],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","wp_dashboard_setup","bsft_adminpad_widget","adminpad.php",68,[],[],[],[],{"dangerousFunctions":171,"sqlUsage":172,"outputEscaping":174,"fileOperations":29,"externalRequests":29,"nonceChecks":28,"capabilityChecks":155,"bundledLibraries":181},[],{"prepared":29,"raw":29,"locations":173},[],{"escaped":29,"rawEcho":155,"locations":175},[176,179],{"file":164,"line":177,"context":178},40,"raw output",{"file":164,"line":180,"context":178},41,[],[183,202],{"entryPoint":184,"graph":185,"unsanitizedCount":29,"severity":201},"bsft_adminpad_form (adminpad.php:27)",{"nodes":186,"edges":198},[187,192],{"id":188,"type":189,"label":190,"file":164,"line":191},"n0","source","$_POST",32,{"id":193,"type":194,"label":195,"file":164,"line":196,"wp_function":197},"n1","sink","update_option() [Settings 
Manipulation]",34,"update_option",[199],{"from":188,"to":193,"sanitized":200},true,"low",{"entryPoint":203,"graph":204,"unsanitizedCount":29,"severity":201},"\u003Cadminpad> (adminpad.php:0)",{"nodes":205,"edges":208},[206,207],{"id":188,"type":189,"label":190,"file":164,"line":191},{"id":193,"type":194,"label":195,"file":164,"line":196,"wp_function":197},[209],{"from":188,"to":193,"sanitized":200},{"summary":211,"deductions":212},"The \"adminpad\" plugin v2.6 presents a mixed security posture. On the positive side, the static analysis reveals no direct entry points like AJAX handlers, REST API routes, or shortcodes that are unprotected. SQL queries are 100% prepared, and there are no apparent file operations or external HTTP requests, which are good security practices. The presence of nonce and capability checks, even if limited, suggests an awareness of security principles.\n\nHowever, a significant concern arises from the output escaping. With 2 total outputs and 0% properly escaped, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users that originates from the plugin's processing, if not properly escaped, could be exploited by attackers. While the taint analysis shows no unsanitized paths or critical\u002Fhigh severity flows, this may be due to a limited attack surface or the specific nature of the observed flows, and doesn't negate the XSS risk from unescaped output.\n\nThe vulnerability history indicates one past high-severity vulnerability, a Cross-Site Request Forgery (CSRF), which has since been patched. While there are no currently unpatched vulnerabilities, this history, coupled with the significant output escaping issue, suggests that the plugin, despite its strengths in other areas, has had security weaknesses that could reappear if not carefully managed. 
In conclusion, the plugin has implemented several good security controls, but the critical flaw in output escaping represents a substantial risk that needs immediate attention. The past CSRF vulnerability also warrants vigilance.",[213,216],{"reason":214,"points":215},"Output not properly escaped",8,{"reason":217,"points":144},"1 high severity CVE in history","2026-03-16T19:11:57.115Z",{"wat":220,"direct":225},{"assetPaths":221,"generatorPatterns":222,"scriptPaths":223,"versionParams":224},[],[],[],[],{"cssClasses":226,"htmlComments":228,"htmlAttributes":229,"restEndpoints":231,"jsGlobals":232,"shortcodeOutput":233},[227],"textarea-wrap",[],[230],"data-nonce-value",[],[],[]]