Does Frontend User Notes have any unpatched vulnerabilities?

No. All known vulnerabilities in Frontend User Notes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Frontend User Notes compatible with WordPress 6.8.5?

According to WordPress.org data, Frontend User Notes 2.1.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Frontend User Notes compatible with PHP 5.6+?

Frontend User Notes requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Frontend User Notes updated?

Frontend User Notes was last updated on Nov 14, 2025. Frequent updates are generally a positive security signal.

What is Frontend User Notes's security score?

Frontend User Notes has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Frontend User Notes Security & Risk Analysis

wordpress.org/plugins/frontend-user-notes

Allow site members to add and save personal notes from frontend. Suited for membership and e-learning sites. Fast, secure and fully ajax loading.

50 active installs v2.1.1 PHP 5.6+ WP 4.5+ Updated Nov 14, 2025

e-learningmembershipnotepadnotesuser

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 17, 2026

Plugin page Download

Safety Verdict

Is Frontend User Notes Safe to Use in 2026?

Generally Safe

Score 99/100

Frontend User Notes has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 17, 2026Updated 4mo ago

Risk Assessment

The "frontend-user-notes" plugin version 2.1.1 exhibits a generally strong security posture based on static analysis, with no identified dangerous functions, SQL injection vulnerabilities, file operations, or external HTTP requests. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks on its entry points. A high percentage of output escaping (86%) is also a positive sign. However, the presence of 3 AJAX handlers, while all reportedly checked for authentication, still represents an attack surface that requires careful ongoing scrutiny. The plugin's history includes one known CVE, which was an Authorization Bypass Through User-Controlled Key vulnerability. While this CVE is currently unpatched, its severity was only medium. The fact that the last vulnerability occurred in the future (2026-02-17) is an anomaly and should be investigated as a data integrity issue rather than a current security threat.

Key Concerns

One known CVE recorded
Medium severity CVE
86% output escaping
3 AJAX handlers present

Vulnerabilities

Frontend User Notes Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-12071medium · 4.3Authorization Bypass Through User-Controlled Key

Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification

Feb 17, 2026 Patched in 2.1.1 (1d)

Code Analysis

Analyzed Mar 16, 2026

Frontend User Notes Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

137 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTables

Output Escaping

86% escaped160 total outputs

Attack Surface

Frontend User Notes Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 3

authwp_ajax_funp_ajax_load_notesincludes\ajax.php:7

authwp_ajax_funp_ajax_create_noteincludes\ajax.php:41

authwp_ajax_funp_ajax_modify_notesincludes\ajax.php:101

Shortcodes 1

[fun-my-notes] includes\main.php:120

WordPress Hooks 13

actionadmin_initadmin\admin_functions.php:12

actionadmin_menuadmin\admin_functions.php:13

actioninitadmin\admin_functions.php:14

actionadd_meta_boxesadmin\admin_functions.php:15

actionsave_postadmin\admin_functions.php:16

filtermanage_frontend-user-notes_posts_columnsadmin\admin_functions.php:17

actionmanage_frontend-user-notes_posts_custom_columnadmin\admin_functions.php:18

filterplugin_action_linksadmin\admin_functions.php:19

actionadmin_enqueue_scriptsadmin\class\class_settings.php:11

actionwp_enqueue_scriptsincludes\main.php:11

actionwp_footerincludes\main.php:103

actiontemplate_redirectincludes\main.php:347

actioninitincludes\main.php:358

Maintenance & Trust

Frontend User Notes Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 14, 2025

PHP min version5.6

Downloads2K

Community Trust

Rating100/100

Number of ratings3

Active installs50

Alternatives

Frontend User Notes Alternatives

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

Membership & community plugin with user profiles, registration & login, member directories, content restriction, user roles and much more.

200K 70 CVEs

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

wp-user-avatar

Setup paid membership, accept payment, sell subscription & digital product, paywall, create login & registration form, user profile & member directory

100K 41 CVEs

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

Build membership sites with tiered plans, content restriction, drag-&-drop custom registration & login form builder, and built-in payment system.

60K 30 CVEs

Ultimate Member – reCAPTCHA

um-recaptcha

Stop bots on your registration & login forms with Google reCAPTCHA

20K No CVEs

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration

wp-user-frontend

Create forms, guest posts, subscriptions, user directory, user registration, membership, frontend posts, profile builder, content restriction rules.

20K 16 CVEs

Developer Profile

Frontend User Notes Developer Profile

Abu Bakar

3 plugins · 700 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

118 days

View full developer profile

Detection Fingerprints

How We Detect Frontend User Notes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/frontend-user-notes/admin/css/funp_admin_styles.css/wp-content/plugins/frontend-user-notes/admin/js/funp_admin_scripts.js/wp-content/plugins/frontend-user-notes/includes/css/style.css/wp-content/plugins/frontend-user-notes/includes/css/datatables.min.css/wp-content/plugins/frontend-user-notes/includes/js/jquery.dataTables.min.js/wp-content/plugins/frontend-user-notes/includes/js/main.js/wp-content/plugins/frontend-user-notes/includes/js/notes.js

Script Paths

/wp-content/plugins/frontend-user-notes/admin/js/funp_admin_scripts.js/wp-content/plugins/frontend-user-notes/includes/js/jquery.dataTables.min.js/wp-content/plugins/frontend-user-notes/includes/js/main.js/wp-content/plugins/frontend-user-notes/includes/js/notes.js

Version Parameters

frontend-user-notes/admin/css/funp_admin_styles.css?ver=frontend-user-notes/admin/js/funp_admin_scripts.js?ver=frontend-user-notes/includes/css/style.css?ver=frontend-user-notes/includes/css/datatables.min.css?ver=frontend-user-notes/includes/js/jquery.dataTables.min.js?ver=frontend-user-notes/includes/js/main.js?ver=frontend-user-notes/includes/js/notes.js?ver=

HTML / DOM Fingerprints

CSS Classes

funp-notes-wrapperfunp-add-note-formfunp-note-list

HTML Comments

Data Attributes

data-funp-noncedata-funp-actiondata-funp-post-id

JS Globals

funp_ajax_objectfrontend_notes_obj

REST Endpoints

/wp-json/funp/v1/notes

Shortcode Output

[frontend_user_notes]

FAQ