
Noted! Security & Risk Analysis
wordpress.org/plugins/noted
A simple, lightweight, and user-friendly note-taking system within the WordPress admin.
Is Noted! Safe to Use in 2026?
Generally Safe
Score 92/100
Noted! has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'noted' v1.0 plugin exhibits a generally strong security posture, with all identified entry points (AJAX handlers) protected by nonce and capability checks. The code adheres to secure practices by exclusively using prepared statements for SQL queries and properly escaping all output. The absence of file operations and external HTTP requests further minimizes the attack surface. This indicates a developer who is aware of and implements common WordPress security best practices.
However, the presence of a single instance of `preg_replace(/e)` is a point of concern. While the static analysis did not identify any specific taint flows or vulnerabilities stemming from this, the `e` modifier in `preg_replace` can lead to remote code execution if not handled with extreme care and proper sanitization of the replacement pattern. The lack of any recorded vulnerability history, while positive, could also be interpreted as a limited track record. A plugin with no history might not have been subjected to extensive real-world testing and scrutiny that could uncover deeper issues.
In conclusion, 'noted' v1.0 is well-coded with robust defenses against common web vulnerabilities. The primary area requiring attention is the `preg_replace(/e)` usage, which warrants a deeper manual code review to ensure the replacement pattern is never user-controlled or exploitable. The absence of past vulnerabilities is a good sign, but it's important to remain vigilant, especially given the presence of potentially risky functions.
Key Concerns
- Use of preg_replace with /e modifier
Noted! Security Vulnerabilities
Noted! Code Analysis
Dangerous Functions Found
Output Escaping
Noted! Attack Surface
AJAX Handlers: 4
WordPress Hooks: 8
Noted! Maintenance & Trust
Maintenance Signals
Community Trust
Noted! Alternatives
AdminHero
admin-hero
Admin notes for website administrators, accessible via a modal that lets you write, edit, and save notes directly within the WordPress dashboard.
BreathWP – Quick Admin Notes
breathwp-quick-admin-notes
Add multiple note cards to your WordPress dashboard for quick reminders, to-dos, and team messages.
WP Dashboard Notes
wp-dashboard-notes
Working with multiple persons on a website? Want to make notes? You can do just that with WP Dashboard Notes. Create beautiful notes with a nice user …
Sticky Notes for WP Dashboard
wb-sticky-notes
Create sticky notes in your WP admin for reminders and to-dos. Restrict notes by user roles and disable them on specific pages.
User Notes
user-notes
Keep private notes about each of your users that only Administrators can see.
Noted! Developer Profile
1 plugin · 800 total installs
How We Detect Noted!
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- `/wp-content/plugins/noted/css/noted.css`
- `/wp-content/plugins/noted/js/noted.js`
- `noted/css/noted.css?ver=`
- `noted/js/noted.js?ver=`
HTML / DOM Fingerprints
- `noted-panel`
- `noted-close-button`
- `noted-content`
- `noted-input`
- `noted-textarea`
- `noted-save-button`
- `noted-list-item`
- `<!-- Add H6 before H5 -->`
- `<!-- Add H5 before H4 -->`
- `<!-- Add H4 before H3 -->`
- `<!-- Single # last -->`
- `id="noted-panel"`
- `class="noted-panel wp-admin-styling"`
- `id="noted-close"`
- `class="noted-close-button"`
- `class="noted-content"`
- `id="noted-form"`
- `window.jQuery`
- `window.notedSaveNote`
- `window.notedClosePanel`
- `window.notedInit`