Modern Footnotes Security & Risk Analysis

wordpress.org/plugins/modern-footnotes

Add inline footnotes to your posts. On desktop, the footnotes will appear as tooltips. On mobile, the footnote will expand beneath the text.

6K active installs v1.4.20 PHP + WP 4.6+ Updated Jun 18, 2025
Tags: citations, footnotes, inline-citations, inline-footnotes, mobile-friendly-citations
Score: 97 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jun 19, 2025
Safety Verdict

Is Modern Footnotes Safe to Use in 2026?

Generally Safe

Score 97/100

Modern Footnotes has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jun 19, 2025 · Updated 9mo ago
Risk Assessment

The 'modern-footnotes' plugin version 1.4.20 exhibits a mixed security posture. On the positive side, static analysis indicates a clean code base with no dangerous functions, no raw SQL queries, no file operations and no external HTTP requests. The presence of capability checks (3) and the absence of any critical or high-severity taint flows are also encouraging signs.

The main concern is the plugin's vulnerability history. It has three known medium-severity vulnerabilities, all of them Cross-site Scripting (XSS), a pattern that suggests recurring input sanitization or output escaping issues. All three are now patched, the most recent (2025-06-19) in version 1.4.20. The plugin's attack surface is relatively small, consisting of two shortcodes, but 35% of its outputs are not properly escaped, which presents a potential XSS risk even though the current analysis did not flag it as a critical or high-severity taint flow. The lack of nonce checks on any entry point is also a weakness that could be exploited in conjunction with other issues.

Key Concerns

  • Medium severity vulnerabilities historically
  • Unescaped output detected
  • No nonce checks on entry points
Vulnerabilities: 3

Modern Footnotes Security Vulnerabilities

CVEs by Year

2 CVEs in 2023
1 CVE in 2025

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2025-50049 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Modern Footnotes <= 1.4.19 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 19, 2025 Patched in 1.4.20 (7d)

CVE-2023-5618 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Modern Footnotes <= 1.4.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 19, 2023 Patched in 1.4.17 (96d)

CVE-2023-28423 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Modern Footnotes <= 1.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 14, 2023 Patched in 1.4.16 (315d)
Code Analysis
Analyzed Mar 16, 2026

Modern Footnotes Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 7 (13 escaped)
  • Nonce Checks: 0
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

65% escaped · 20 total outputs
Attack Surface

Modern Footnotes Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

[mfn_list] modern-footnotes.php:253
[mfn_list] modern-footnotes.php:700

WordPress Hooks: 18

filter the_content modern-footnotes.php:255
filter the_content modern-footnotes.php:256
filter the_content modern-footnotes.php:257
action the_post modern-footnotes.php:269
filter the_content modern-footnotes.php:348
filter wp_trim_words modern-footnotes.php:378
action wp_enqueue_scripts modern-footnotes.php:413
filter the_excerpt_rss modern-footnotes.php:708
filter the_content_feed modern-footnotes.php:709
action rss_head modern-footnotes.php:715
action rss_tag_pre modern-footnotes.php:716
action admin_menu modern-footnotes.php:720
action admin_init modern-footnotes.php:721
filter mce_external_plugins modern-footnotes.php:733
filter mce_buttons modern-footnotes.php:734
filter init modern-footnotes.php:738
action admin_enqueue_scripts modern-footnotes.php:745
action enqueue_block_editor_assets modern-footnotes.php:782
Maintenance & Trust

Modern Footnotes Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 18, 2025
PHP min version
Downloads: 112K

Community Trust

Rating: 96/100
Number of ratings: 32
Active installs: 6K
Developer Profile

Modern Footnotes Developer Profile

prismtechstudios

1 plugin · 6K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 139 days
Detection Fingerprints

How We Detect Modern Footnotes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/modern-footnotes/modern-footnotes.css
/wp-content/plugins/modern-footnotes/modern-footnotes.js
Script Paths
/wp-content/plugins/modern-footnotes/modern-footnotes.js
Version Parameters
modern-footnotes/modern-footnotes.css?ver=
modern-footnotes/modern-footnotes.js?ver=

HTML / DOM Fingerprints

CSS Classes
modern-footnotes-list
modern-footnotes-list-heading
modern-footnotes-list--show-only-for-print
modern-footnotes-list--hide-for-print
modern-footnotes-list-heading--show-only-for-print
modern-footnotes-list-heading--hide-for-print
modern-footnotes-footnote--expands-on-desktop
modern-footnotes-footnote--hover-on-desktop
Data Attributes
data-original-content
data-modern-footnotes-display-number
data-modern-footnotes-content
JS Globals
modern_footnotes_all_posts_data
Shortcode Output
<ul class="modern-footnotes-list
<li class="modern-footnotes-footnote 
<span class="modern-footnotes-display-number">
<div class="modern-footnotes-content">