Annotatr – Bug Reporting, Bug Tracking, Kanban Board and Project Management Security & Risk Analysis

wordpress.org/plugins/annotatr

Visual feedback and bug tracking for WordPress. Capture, assign, and fix issues without leaving your site — no more chasing reports.

0 active installs · v1.0.4 · PHP 7.4+ · WP 5.8+ · Updated Feb 27, 2026
Tags: bug-tracker, client-feedback, issue-tracker, kanban-board, project-management
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Annotatr – Bug Reporting, Bug Tracking, Kanban Board and Project Management Safe to Use in 2026?

Generally Safe

Score 100/100

Annotatr – Bug Reporting, Bug Tracking, Kanban Board and Project Management has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The plugin "annotatr" v1.0.4 presents a mixed security posture. On the positive side, the plugin demonstrates good practices regarding output escaping and the use of prepared statements for SQL queries, with a very high percentage of both. It also shows a significant number of capability checks, suggesting an effort to secure certain functionalities. Furthermore, the absence of any recorded vulnerabilities, including critical or high severity ones, is a strong indicator of a relatively secure codebase historically. The plugin also reports zero dangerous functions and zero taint flows, which are excellent signs.

Key Concerns

  • REST API routes without permission callbacks
  • Bundled library: Freemius v1.0
  • Low number of nonce checks
Vulnerabilities
None known

Annotatr – Bug Reporting, Bug Tracking, Kanban Board and Project Management Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Annotatr – Bug Reporting, Bug Tracking, Kanban Board and Project Management Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 35 (97 prepared)
Unescaped Output: 7 (130 escaped)
Nonce Checks: 1
Capability Checks: 42
File Operations: 8
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

73% prepared · 132 total queries

Output Escaping

95% escaped · 137 total outputs
Attack Surface
35 unprotected

Annotatr – Bug Reporting, Bug Tracking, Kanban Board and Project Management Attack Surface

Entry Points: 38
Unprotected: 35

REST API Routes 38

GET  /wp-json/annotatr/v1/notes  includes\api.php:12
GET  /wp-json/annotatr/v1/notes/(?P<id>\d+)  includes\api.php:58
GET  /wp-json/annotatr/v1/notes/(?P<note_id>\d+)/comments  includes\api.php:86
GET  /wp-json/annotatr/v1/comments/(?P<id>\d+)  includes\api.php:107
GET  /wp-json/annotatr/v1/notes/(?P<note_id>\d+)/subtasks  includes\api.php:143
GET  /wp-json/annotatr/v1/subtasks/(?P<id>\d+)  includes\api.php:164
GET  /wp-json/annotatr/v1/notes/(?P<note_id>\d+)/activities  includes\api.php:194
GET  /wp-json/annotatr/v1/notes/(?P<note_id>\d+)/watch  includes\api.php:216
GET  /wp-json/annotatr/v1/notes/(?P<note_id>\d+)/watchers  includes\api.php:238
GET  /wp-json/annotatr/v1/comments/(?P<comment_id>\d+)/reactions  includes\api.php:253
GET  /wp-json/annotatr/v1/developers  includes\api.php:295
GET  /wp-json/annotatr/v1/testers  includes\api.php:309
GET  /wp-json/annotatr/v1/column-categories  includes\api.php:323
GET  /wp-json/annotatr/v1/column-categories/(?P<id>\d+)  includes\api.php:344
GET  /wp-json/annotatr/v1/users/search  includes\api.php:358
GET  /wp-json/annotatr/v1/proxy-image  includes\api.php:380
GET  /wp-json/annotatr/v1/attachments/download  includes\api.php:403
GET  /wp-json/annotatr/v1/annotation-usage/(?P<note_id>\d+)  includes\api.php:426
GET  /wp-json/annotatr/v1/annotation-usage  includes\api.php:447
GET  /wp-json/annotatr/v1/backup  includes\api.php:469
GET  /wp-json/annotatr/v1/backup/schedule  includes\api.php:501
GET  /wp-json/annotatr/v1/backup/list  includes\api.php:523
GET  /wp-json/annotatr/v1/backup/delete  includes\api.php:538
GET  /wp-json/annotatr/v1/settings/developers  includes\api.php:553
GET  /wp-json/annotatr/v1/settings/test-users  includes\api.php:567
GET  /wp-json/annotatr/v1/settings/user-colors  includes\api.php:581
GET  /wp-json/annotatr/v1/settings/email  includes\api.php:596
GET  /wp-json/annotatr/v1/settings/note-defaults  includes\api.php:618
GET  /wp-json/annotatr/v1/settings/notifications  includes\api.php:640
GET  /wp-json/annotatr/v1/settings/board  includes\api.php:662
GET  /wp-json/annotatr/v1/settings/capture-method  includes\api.php:684
GET  /wp-json/annotatr/v1/settings/danger-zone  includes\api.php:706
GET  /wp-json/annotatr/v1/settings/error-log  includes\api.php:728
GET  /wp-json/annotatr/v1/settings/error-log/clear  includes\api.php:755
GET  /wp-json/annotatr/v1/log-error  includes\api.php:770
GET  /wp-json/annotatr/v1/pages  includes\api.php:785
GET  /wp-json/annotatr/v1/activity-state  includes\api.php:800
POST  /wp-json/annotatr/v1/puppeteer/screenshot  includes\api.php:822
WordPress Hooks 30
action  plugins_loaded  annotatr.php:38
filter  plugin_icon  annotatr.php:87
filter  uninstall_confirmation_message  annotatr.php:95
filter  fs_redirect_on_activation_annotatr  annotatr.php:112
action  init  annotatr.php:225
action  wp  annotatr.php:236
action  wp  annotatr.php:247
action  annotatr_daily_cleanup_completed_notes  annotatr.php:315
action  init  annotatr.php:322
action  annotatr_after_note_update  annotatr.php:339
action  annotatr_after_user_role_update  annotatr.php:346
action  admin_bar_menu  includes\admin-bar.php:72
action  wp_enqueue_scripts  includes\admin-bar.php:130
action  admin_enqueue_scripts  includes\admin-bar.php:131
action  admin_menu  includes\admin.php:25
action  admin_enqueue_scripts  includes\admin.php:211
action  rest_api_init  includes\api.php:879
action  annotatr_automated_backup  includes\api.php:2720
action  annotatr_activity_state_updated  includes\api.php:3724
action  wp_mail_failed  includes\email\notifications.php:481
action  annotatr_send_bulk_notifications  includes\email\notifications.php:886
action  annotatr_note_created  includes\email\notifications.php:924
action  annotatr_comment_mentioned  includes\email\notifications.php:1035
action  annotatr_after_comment_create  includes\email\notifications.php:1164
action  annotatr_after_note_update  includes\email\notifications.php:1505
action  annotatr_daily_email_reminders  includes\email\notifications.php:1679
action  wp_enqueue_scripts  includes\frontend.php:163
action  wp_head  includes\frontend.php:186
action  admin_menu  includes\settings.php:16
action  admin_init  includes\settings.php:72

Scheduled Events 3

annotatr_daily_email_reminders
annotatr_daily_cleanup_completed_notes
annotatr_send_bulk_notifications
Maintenance & Trust

Annotatr – Bug Reporting, Bug Tracking, Kanban Board and Project Management Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 27, 2026
PHP min version: 7.4
Downloads: 433

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 0
Developer Profile

Annotatr – Bug Reporting, Bug Tracking, Kanban Board and Project Management Developer Profile

rebelliousdigital

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Annotatr – Bug Reporting, Bug Tracking, Kanban Board and Project Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/annotatr/assets/css/annotatr.css, /wp-content/plugins/annotatr/assets/js/annotatr.js
Script Paths: /wp-content/plugins/annotatr/assets/js/annotatr.js
Version Parameters: annotatr/assets/css/annotatr.css?ver=, annotatr/assets/js/annotatr.js?ver=

HTML / DOM Fingerprints

CSS Classes: annotatr-container, annotatr-sidebar, annotatr-note, annotatr-comment, annotatr-toolbar
HTML Comments: <!-- Annotatr: Start Note -->, <!-- Annotatr: End Note -->
Data Attributes: data-annotatr-id, data-annotatr-type
JS Globals: Annotatr, annotatrConfig
REST Endpoints: /wp-json/annotatr/v1/notes, /wp-json/annotatr/v1/comments
Shortcode Output: [annotatr_notes_list]
FAQ

Frequently Asked Questions about Annotatr – Bug Reporting, Bug Tracking, Kanban Board and Project Management