Note For Posts Security & Risk Analysis

wordpress.org/plugins/note-for-posts

Add a simple note to any post type, such as post, page, download (Easy Digital Downloads), product (WooCommerce), etc.

10 active installs · v1.0.1 · PHP + WP 3.0.1+ · Updated May 29, 2016
Tags: download, edd, page, post, product

Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Note For Posts Safe to Use in 2026?

Generally Safe

Score 85/100

Note For Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "note-for-posts" v1.0.1 plugin exhibits a generally good security posture, largely due to the absence of known vulnerabilities and a commitment to using prepared statements for its SQL queries. The static analysis also shows no critical or high-severity taint flows, indicating a reasonable effort to sanitize data. However, there are several areas for improvement. The low percentage of properly escaped output (26%) is a significant concern, as it leaves the plugin susceptible to Cross-Site Scripting (XSS) vulnerabilities. While nonce checks are present on some entry points, the lack of capability checks on any entry points is a weakness, potentially allowing unauthorized users to trigger plugin actions. The plugin's vulnerability history is clean, which is a positive sign, but this can be misleading if the code has not been thoroughly audited for less obvious flaws like the unescaped output identified.

Overall, the plugin has a solid foundation with its use of prepared statements and lack of known CVEs. The primary risk lies in the insufficient output escaping, which could lead to XSS vulnerabilities. The absence of capability checks on entry points is another area that requires attention. While the current lack of reported vulnerabilities is reassuring, it is crucial to address the identified code quality issues to maintain a strong security stance and prevent future exploits.

Key Concerns

  • Low percentage of properly escaped output
  • No capability checks on entry points
Vulnerabilities
None known

Note For Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Note For Posts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 32 (11 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

26% escaped · 43 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
n4p_submenu_admin_page_callback (includes\admin\sub-menu-options.php:40)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Note For Posts Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_n4p_action · includes\admin\wp-ajax-action.php:129

Shortcodes 1

[n4p-sc] includes\shortcodes.php:111
WordPress Hooks 18

action · admin_enqueue_scripts · includes\admin\admin-enqueue-scripts.php:25
action · admin_enqueue_scripts · includes\admin\admin-enqueue-scripts.php:39
action · admin_enqueue_scripts · includes\admin\admin-enqueue-scripts.php:54
action · admin_enqueue_scripts · includes\admin\admin-enqueue-scripts.php:68
action · admin_footer · includes\admin\admin-footer-options.php:28
filter · manage_note_posts_columns · includes\admin\manage-columns.php:42
filter · manage_edit-note_sortable_columns · includes\admin\manage-columns.php:137
action · add_meta_boxes · includes\admin\metabox-save-post.php:39
action · save_post · includes\admin\metabox-save-post.php:97
action · admin_menu · includes\admin\sub-menu-options.php:33
action · admin_footer · includes\admin\wp-ajax-action.php:78
action · init · includes\custom-post-type.php:69
action · wp_enqueue_scripts · includes\enqueue-scripts.php:25
action · wp_enqueue_scripts · includes\enqueue-scripts.php:39
action · init · includes\taxonomy-tags.php:53
action · plugins_loaded · includes\text-domain.php:49
action · widgets_init · includes\widget-register.php:201
action · wp_footer · includes\wp-footer-scripts.php:31
Maintenance & Trust

Note For Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: May 29, 2016
PHP min version: (not specified)
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Note For Posts Developer Profile

Elvin D

6 plugins · 8K total installs

Trust score: 69
Avg Security Score: 85/100
Avg Patch Time: 369 days
Detection Fingerprints

How We Detect Note For Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/note-for-posts/includes/enqueue-scripts.php
/wp-content/plugins/note-for-posts/includes/wp-footer-scripts.php
/wp-content/plugins/note-for-posts/includes/admin/manage-columns.php
/wp-content/plugins/note-for-posts/includes/admin/admin-scripts.php

HTML / DOM Fingerprints

HTML Comments
<!-- THIS IS A NOTE FOR POST -->
Data Attributes
data-n4p-id
data-n4p-postid
data-n4p-notecolour
data-n4p-noteid
data-n4p-notetitle
data-n4p-notecontent
JS Globals
n4p_data
Shortcode Output
[note_for_posts]
FAQ

Frequently Asked Questions about Note For Posts