Dan's Annotator Security & Risk Analysis

wordpress.org/plugins/dans-annotator

Lightweight front-end annotation tool with threads, tagging, and collaborator sessions.

0 active installs · v1.2.0 · PHP 7.4+ · WP 6.2+ · Updated: Unknown

Tags: annotations, collaboration, comments, feedback, page-notes

Security score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Dan's Annotator Safe to Use in 2026?

Generally Safe

Score 100/100

Dan's Annotator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "dans-annotator" v1.2.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, file operations, and external HTTP requests is commendable. Crucially, all detected SQL queries utilize prepared statements, and all output is properly escaped, significantly mitigating common web application vulnerabilities like SQL injection and cross-site scripting (XSS). The presence of both nonce and capability checks on entry points further reinforces its defenses.

Despite these strengths, the plugin has a moderately sized attack surface composed entirely of REST API routes. While these routes have permission callbacks, any misconfiguration or logic flaw within those callbacks could expose vulnerabilities. The taint analysis showed no unsanitized paths, indicating no immediate risk from malicious input being processed without proper sanitization. The absence of any recorded vulnerabilities in its history is a positive indicator of secure development practices.

In conclusion, "dans-annotator" v1.2.0 demonstrates a good understanding of secure coding principles, particularly in its handling of data and output. The primary area for potential concern lies within the security of the REST API permission callbacks, which, while present, are not explicitly detailed in this analysis. The absence of historical vulnerabilities is a significant strength. Overall, the plugin appears to be relatively secure.

Vulnerabilities
None known

Dan's Annotator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Dan's Annotator Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (64 prepared)
Unescaped Output: 0 (219 escaped)
Nonce Checks: 6
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

98% prepared (64 of 65 total queries)

Output Escaping

100% escaped (219 of 219 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows

annotate_handle_delete_collaborator (includes\admin.php:991)

Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Dan's Annotator Attack Surface

Entry Points: 8
Unprotected: 0

REST API Routes (8)

POST    /wp-json/annotate/v1/threads/query                  includes\rest.php:15
POST    /wp-json/annotate/v1/threads                        includes\rest.php:25
POST    /wp-json/annotate/v1/threads/(?P<id>\d+)/close      includes\rest.php:35
DELETE  /wp-json/annotate/v1/threads/(?P<id>\d+)            includes\rest.php:45
POST    /wp-json/annotate/v1/comments/query                 includes\rest.php:55
POST    /wp-json/annotate/v1/comments                       includes\rest.php:65
POST    /wp-json/annotate/v1/users/search                   includes\rest.php:75
POST    /wp-json/annotate/v1/session/disconnect             includes\rest.php:85
WordPress Hooks (16)

action  init                                  dans-annotator.php:39
action  admin_init                            dans-annotator.php:40
action  wp_enqueue_scripts                    dans-annotator.php:41
action  admin_bar_menu                        dans-annotator.php:42
action  admin_notices                         dans-annotator.php:43
action  wp_footer                             dans-annotator.php:44
action  annotate_weekly_cleanup               dans-annotator.php:45
filter  cron_schedules                        dans-annotator.php:46
action  admin_menu                            includes\admin.php:12
action  admin_init                            includes\admin.php:13
action  admin_enqueue_scripts                 includes\admin.php:14
action  admin_post_annotate_delete_all        includes\admin.php:15
action  admin_post_annotate_toggle_collaborator   includes\admin.php:16
action  admin_post_annotate_delete_collaborator   includes\admin.php:17
action  rest_api_init                         includes\rest.php:12
filter  rest_authentication_errors            includes\rest.php:97

Scheduled Events (1)

annotate_weekly_cleanup
Maintenance & Trust

Dan's Annotator Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.4
Downloads: 203

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 0
Developer Profile

Dan's Annotator Developer Profile

lazardanlucian

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Dan's Annotator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dans-annotator/assets/annotate.css
/wp-content/plugins/dans-annotator/assets/annotate.js

Script Paths
/wp-content/plugins/dans-annotator/assets/annotate.js

Version Parameters
dans-annotator/assets/annotate.css?ver=
dans-annotator/assets/annotate.js?ver=

HTML / DOM Fingerprints

CSS Classes
annotate-widget-shell
annotate-comment-composer

HTML Comments
<!-- Annotate Widget Shell -->
<!-- Dan's Annotator -->

Data Attributes
data-annotate-rest-url
data-annotate-nonce
data-annotate-current-user-id
data-annotate-actor-id
data-annotate-actor-type
data-annotate-actor-is-collaborator
+4 more

JS Globals
AnnotateData

REST Endpoints
/wp-json/annotate/v1/threads
/wp-json/annotate/v1/comments
/wp-json/annotate/v1/tags
/wp-json/annotate/v1/collaborators