Does LH Dashboard Notes have any unpatched vulnerabilities?

No. All known vulnerabilities in LH Dashboard Notes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is LH Dashboard Notes compatible with WordPress 4.9.29?

According to WordPress.org data, LH Dashboard Notes 1.09 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is LH Dashboard Notes updated?

LH Dashboard Notes was last updated on May 9, 2018. Frequent updates are generally a positive security signal.

What is LH Dashboard Notes's security score?

LH Dashboard Notes has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

LH Dashboard Notes Security & Risk Analysis

wordpress.org/plugins/lh-dashboard-notes

Allows you to create and edit notes that appear on the admin dashboard

500 active installs v1.09 PHP + WP 3.6+ Updated May 9, 2018

admin-notedashboard-notesnotenoteswordpress-notes

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is LH Dashboard Notes Safe to Use in 2026?

Generally Safe

Score 85/100

LH Dashboard Notes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The lh-dashboard-notes plugin v1.09 presents a mixed security picture. On the positive side, the absence of known CVEs and a lack of concerning taint analysis flows indicate a history of security consciousness or perhaps limited scope. The code also demonstrates good practices by using prepared statements for all SQL queries, which mitigates common SQL injection risks. However, a significant concern arises from the complete lack of output escaping. This means that any data displayed by the plugin, even if it originates from trusted sources within WordPress, could potentially be rendered as active HTML or JavaScript, opening the door to Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the absence of capability checks and nonce checks, combined with zero entry points in the static analysis, suggests a very limited feature set or an oversight in the analysis's ability to detect entry points. If the plugin does indeed have any user-facing functionality, these missing security controls are a serious concern.

Key Concerns

100% of outputs are not properly escaped
0 capability checks found
0 nonce checks found

Vulnerabilities

None known

LH Dashboard Notes Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

LH Dashboard Notes Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

LH Dashboard Notes Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actioninitlh-dashboard-notes.php:254

actionwp_dashboard_setuplh-dashboard-notes.php:255

actionplugins_loadedlh-dashboard-notes.php:258

Maintenance & Trust

LH Dashboard Notes Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedMay 9, 2018

PHP min version

Downloads10K

Community Trust

Rating100/100

Number of ratings10

Active installs500

Alternatives

LH Dashboard Notes Alternatives

WP Dashboard Notes

wp-dashboard-notes

Working with multiple persons on a website? Want to make notes? You can do just that with WP Dashboard Notes. Create beautiful notes with a nice user …

20K 3 CVEs