Does Footnote Drawer have any unpatched vulnerabilities?

No. All known vulnerabilities in Footnote Drawer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Footnote Drawer compatible with WordPress 6.4.8?

According to WordPress.org data, Footnote Drawer 1.0.4 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is Footnote Drawer compatible with PHP 5.6+?

Footnote Drawer requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Footnote Drawer updated?

Footnote Drawer was last updated on Nov 26, 2023. Frequent updates are generally a positive security signal.

What is Footnote Drawer's security score?

Footnote Drawer has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Footnote Drawer Security & Risk Analysis

wordpress.org/plugins/footnote-drawer

Footnote Drawer displays footnotes in the drawer UI.

0 active installs v1.0.4 PHP 5.6+ WP 5.7+ Updated Nov 26, 2023

citedrawerfootnotefootnotes

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Footnote Drawer Safe to Use in 2026?

Generally Safe

Score 85/100

Footnote Drawer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "footnote-drawer" v1.0.4 plugin exhibits a generally strong security posture based on the provided static analysis. There are no identified dangerous functions, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, which significantly reduces the attack surface. The absence of any known CVEs further contributes to its good standing.

However, several areas present potential concerns. The plugin lacks nonce checks and capability checks, meaning that actions initiated by its entry points (shortcodes) are not protected against Cross-Site Request Forgery (CSRF) attacks or unauthorized access based on user roles. Additionally, while the number of output escaping instances is low, a significant portion (33%) is not properly escaped, introducing a risk of Stored Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is outputted without sanitization.

The vulnerability history shows no recorded issues, which is positive. This, combined with the absence of critical taint flows, suggests that the plugin's core functionality is likely secure. Nevertheless, the lack of specific security controls like nonces and capability checks, along with the identified output escaping issues, are weaknesses that should be addressed to further harden the plugin's security.

Key Concerns

Missing nonce checks
Missing capability checks
Unescaped output detected

Vulnerabilities

None known

Footnote Drawer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Footnote Drawer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

67% escaped3 total outputs

Attack Surface

Footnote Drawer Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[fnd] footnote-drawer.php:41

[fnd_end] footnote-drawer.php:42

WordPress Hooks 5

filterthe_postfootnote-drawer.php:38

actionwp_enqueue_scriptsfootnote-drawer.php:39

filterthe_contentfootnote-drawer.php:40

actionadmin_menuincludes\options-page.php:19

actionadmin_initincludes\options-page.php:20

Maintenance & Trust

Footnote Drawer Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedNov 26, 2023

PHP min version5.6

Downloads926

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Footnote Drawer Alternatives

Citation Note

citation-note

100

Easily add, manage, and display citations, references, and footnotes in posts, pages, or custom post types using a user-friendly editor interface.

0 No CVEs

Easy Footnotes

easy-footnotes

100

Easy Footnotes lets you quickly and easily add footnotes throughout your WordPress posts using a simple shortcode in the text editor.

8K No CVEs

Modern Footnotes

modern-footnotes

Add inline footnotes to your posts. On desktop, the footnotes will appear as tooltips. On mobile, the footnote will expand beneath the text.

6K 3 CVEs

Footnotes Made Easy

footnotes-made-easy

Allows post authors to easily add and manage footnotes in posts.

2K 1 CVE

FD Footnotes Plugin

fd-footnotes

Add elegant looking footnotes to your posts simply and naturally.

1K No CVEs

Developer Profile

Footnote Drawer Developer Profile

solaito

2 plugins · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Footnote Drawer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/footnote-drawer/includes/css/style.css/wp-content/plugins/footnote-drawer/includes/js/index.js

Script Paths

/wp-content/plugins/footnote-drawer/includes/js/index.js

Version Parameters

footnote-drawer/includes/js/index.js?ver=footnote-drawer/includes/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

footnote-drawer-referencefootnote-drawer-scroll-upfootnote-drawer-endnotes-contentsfootnote-drawer-endnotes

Data Attributes

data-footnote-drawer-numberdata-footnote-drawer-to

JS Globals

footnote_drawer

Shortcode Output

<a href="#[fnd_end]

FAQ