
Kahi's WP Notes Security & Risk Analysis
wordpress.org/plugins/kahis-notes
For me, it's the place to keep notes about future articles, possible topics, plans, ToDos connected with that particular WP site.
Is Kahi's WP Notes Safe to Use in 2026?
Generally Safe
Score 85/100
Kahi's WP Notes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "kahis-notes" v0.7 plugin exhibits a generally good security posture based on the provided static analysis. The absence of any known CVEs and a clean vulnerability history suggests a well-maintained and secure codebase. The plugin also demonstrates good practices by not exposing a large attack surface through AJAX, REST API, shortcodes, or cron events, and notably, all SQL queries utilize prepared statements, a critical security measure.
However, a significant concern arises from the output escaping analysis, where 100% of outputs are not properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. While the taint analysis shows no flows, this doesn't negate the XSS risk inherent in unescaped output. The plugin also has only one capability check, which might be insufficient depending on the plugin's functionality, and no nonce checks are present, which is a concern for any interactive elements.
In conclusion, while "kahis-notes" v0.7 has a solid foundation with no known vulnerabilities and secure database interactions, the complete lack of output escaping presents a critical security weakness. This single issue significantly elevates the risk profile and requires immediate attention to prevent potential XSS attacks.
Key Concerns
- Unescaped output detected
- Missing nonce checks
- Minimal capability checks
Kahi's WP Notes Security Vulnerabilities
Kahi's WP Notes Release Timeline
Kahi's WP Notes Code Analysis
Output Escaping
Kahi's WP Notes Attack Surface
WordPress Hooks 4
Kahi's WP Notes Maintenance & Trust
Maintenance Signals
Community Trust
Kahi's WP Notes Alternatives
Website Diary
website-diary
For keeping diary-like notes, so you can quickly overview recent changes on your site (and spot the source of an eventual problem).
WP Dashboard Notes
wp-dashboard-notes
Working with multiple persons on a website? Want to make notes? You can do just that with WP Dashboard Notes. Create beautiful notes with a nice user …
Sticky Notes for WP Dashboard
wb-sticky-notes
Create sticky notes in your WP admin for reminders and to-dos. Restrict notes by user roles and disable them on specific pages.
Noted!
noted
A simple, lightweight, and user-friendly note-taking system within the WordPress admin.
User Notes
user-notes
Keep private notes about each of your users that only Administrators can see.
Kahi's WP Notes Developer Profile
5 plugins · 400 total installs
How We Detect Kahi's WP Notes
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/kahis-notes/icon.png
- /wp-content/plugins/kahis-notes/jquery.autogrow.js
- kahis-notes/jquery.autogrow.js?ver=1.2.2
HTML / DOM Fingerprints
- knotes
- by plugin: Kahi's Notes
- id="knotes"
- name="knotes_content"
- value="knotes_submit_update"
- jQuery('#knotes textarea').autogrow();