[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwzZdyP582qSZGMDrjLZfbvYuBPdiy9ELWRwN9YXTvs4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":47,"crawl_stats":38,"alternatives":52,"analysis":153,"fingerprints":245},"page-post-notes","Page & Post Notes","1.3.5","yydevelopment","https:\u002F\u002Fprofiles.wordpress.org\u002Fyydevelopment\u002F","\u003Cp>The page & post notes plugin allow you to add notes on pages and posts on your wordpress website.\u003C\u002Fp>\n\u003Cp>With this plugin you will be able to easily create notes with important data and remove them if required.\u003C\u002Fp>\n\u003Ch4>Page & Post Notes Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The ability to add notes to all pages and posts on your wordpress websites\u003C\u002Fli>\n\u003Cli>The ability to add as many notes you want for each page and post\u003C\u002Fli>\n\u003Cli>The ability to remove notes you don’t want anymore\u003C\u002Fli>\n\u003Cli>The ability to change text direction to rtl and ltr\u003C\u002Fli>\n\u003Cli>The ability to add separator line to the text\u003C\u002Fli>\n\u003Cli>The ability to save notes also on wordpress dashbaord\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About the author & license\u003C\u002Fh4>\n\u003Cp>This plugin was brought to you for free by \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.com\u002F\" rel=\"nofollow ugc\">YYDevelopment\u003C\u002Fa> under GPLv2 license.\u003C\u002Fp>\n\u003Cp>The plugin is 100% free and we intend to keep it that way in the future as well. 
You are free to use this plugin and all our other \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.com\u002Fyydevelopment-wordpress-plugins\u002F\" rel=\"nofollow ugc\">free wordpress plugins\u003C\u002Fa> for your projects, your client’s projects or for anything else you need.\u003C\u002Fp>\n\u003Cp>If this plugin was helpful for you please share it online and if you get a chance to give it a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpage-post-notes\u002F#reviews\" rel=\"ugc\">positive review\u003C\u002Fa> we will appreciate that.\u003C\u002Fp>\n\u003Cp>If have any problems or questions regarding our page & post notes  plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fpage-post-notes\u002F\" rel=\"ugc\">submit a ticket\u003C\u002Fa> and we will be happy to help.\u003C\u002Fp>\n\u003Cp>By the way, we are based in Israel so we welcome you to visit our Hebrew site as well \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.co.il\u002F\" rel=\"nofollow ugc\">YYDevelopment Israel\u003C\u002Fa> if you are fellow Israeli.\u003C\u002Fp>\n\u003Ch4>Help support us with a coffee donation\u003C\u002Fh4>\n\u003Cp>Don’t you just hate it when you download a plugin and you find out that in order to use it you have to buy a pro version?\u003C\u002Fp>\n\u003Cp>Even bigger problem is when you use a plugin and then just out of the blue the developer decides to add a pro version and he either changes the way the plugin works or he converts some of the free functions to paid ones.\u003C\u002Fp>\n\u003Cp>We sure did hate that and a few years back we decided to start creating some of the plugins ourselves and we decided to share them all with the WordPress community \u003Cstrong>100% FREE\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Nowadays we have more than 15 plugins and you can download and use them all for free by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch\u002Fyydevelopment\u002F\" 
rel=\"ugc\">Clicking Here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you liked this plugin and you want to help support our cause, \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.com\u002Fcoffee-break\u002F?plugin=page-post-notes\" rel=\"nofollow ugc\">buy us a coffee\u003C\u002Fa>. Studies show that coffee helps with creating WordPress plugins.\u003C\u002Fp>\n","Simple plugin that allow you to notes on pages and posts",1000,14163,88,11,"2025-12-10T03:45:00.000Z","6.9.4","5.0","5.2.4",[20,21,22,23,24],"memo","note","notes","page-notes","post-notes","https:\u002F\u002Fwww.yydevelopment.com\u002Fyydevelopment-wordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-post-notes.1.3.5.zip",99,1,0,"2025-11-06 17:14:46","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":28},"CVE-2025-12527","page-post-notes-missing-authorization-to-authenticated-subscriber-note-updatedeletion","Page & Post Notes \u003C= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update\u002FDeletion","The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions up to, and including, 1.3.4. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify notes.",null,"\u003C=1.3.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-11-07 05:29:59",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F93dadc33-cabf-4701-97ca-861ad90597fb?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":13,"computed_at":51},50700,100,67,"2026-04-04T03:37:46.263Z",[53,73,90,112,135],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":16,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":69,"download_link":70,"security_score":71,"vuln_count":28,"unpatched_count":28,"last_vuln_date":72,"fetched_at":31},"notely","Notely","1.9.0","Rocket Apps","https:\u002F\u002Fprofiles.wordpress.org\u002Fmikeyott\u002F","\u003Cp>Create admin text notes for any post, page or custom post type.\u003C\u002Fp>\n\u003Ch3>How To Use\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>Settings\u003C\u002Fstrong> -> \u003Cstrong>Notely\u003C\u002Fstrong>, choose which post types to enable for and set any other desired options.\u003C\u002Fli>\n\u003Cli>Hit the \u003Cstrong>Save Settings\u003C\u002Fstrong> button.\u003C\u002Fli>\n\u003Cli>You will now see a \u003Cstrong>Notes\u003C\u002Fstrong> metabox when you create or edit.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Official website and support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fnotely\" rel=\"ugc\">Notely support\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>More options with \u003Ca 
href=\"https:\u002F\u002Frocketapps.com.au\u002Fproduct\u002Fnotely-pro\u002F?origin=notely\" rel=\"nofollow ugc\">Notely Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketapps.com.au\u002Fshop\u002F?origin=notely\" rel=\"nofollow ugc\">More awesome plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketapps.com.au\u002Fwproject-theme\u002F?origin=notely\" rel=\"nofollow ugc\">Project Management built on WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Create admin text notes for any post, page or custom post type.",700,16889,96,13,"2026-03-04T01:09:00.000Z","4.0","",[20,22,23,24],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotely\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnotely.1.9.0.zip",78,"2025-09-26 00:00:00",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":29,"num_ratings":29,"last_updated":67,"tested_up_to":16,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":67,"download_link":88,"security_score":49,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":89},"beckin-post-notes","Beckin Post Notes","1.1.4","Beckin","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeckin\u002F","\u003Cp>\u003Cstrong>Beckin Post Notes\u003C\u002Fstrong> gives editors a fast, private way to attach notes to individual \u003Cem>posts, pages, and custom post types\u003C\u002Fem>, right where they work. Notes are stored as post meta and only visible to users who can edit the post.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why it’s unique\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Most “notes” plugins add \u003Cem>global dashboard notes\u003C\u002Fem>. This one is \u003Cstrong>contextual\u003C\u002Fstrong>, notes live \u003Cem>on the post or page itself\u003C\u002Fem> and appear in the list table.\u003Cbr \u002F>\n2. 
\u003Cstrong>Zero clutter:\u003C\u002Fstrong> no admin menus, no persistent banners, no database tables.\u003Cbr \u002F>\n3. \u003Cstrong>Clean and compliant:\u003C\u002Fstrong> sanitized input, nonces, capability checks, no direct SQL.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\n– Side metabox labeled automatically (e.g. “Post Note” or “Page Note”).\u003Cbr \u002F>\n– “Note” column in the list table with a note 📝 icon when a note exists.\u003Cbr \u002F>\n– New \u003Cstrong>filter dropdown\u003C\u002Fstrong>: quickly show only posts \u003Cem>with\u003C\u002Fem> or \u003Cem>without\u003C\u002Fem> notes.\u003Cbr \u002F>\n– Only users who can edit the post can view or edit its note.\u003Cbr \u002F>\n– Extendable: use \u003Ccode>beckin_postnotes_supported_post_types\u003C\u002Fcode> to enable notes on custom post types.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Extendable Example\u003C\u002Fstrong>:\u003Cbr \u002F>\nSimply add a small snippet of code in a theme or by using a code snippet plugin\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'beckin_postnotes_supported_post_types', fn( $types ) => array_merge( $types, [ 'your_custom_post_type' ] ) );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>🌟 Like our plugin? Find it useful? Please consider sharing your experience by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbeckin-post-notes\u002Freviews\u002F\" rel=\"ugc\">leaving a review on WordPress.org\u003C\u002Fa>. 
Your feedback is instrumental to shaping our future growth!\u003C\u002Fp>\n","Add private admin notes to posts, pages, and custom post types - simple, fast, and clutter-free.",10,327,"6.8","8.0",[86,87,22,23,24],"admin-notes","custom-post-type-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeckin-post-notes.1.1.4.zip","2026-03-15T10:48:56.248Z",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":49,"num_ratings":100,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":67,"download_link":108,"security_score":109,"vuln_count":110,"unpatched_count":29,"last_vuln_date":111,"fetched_at":31},"simple-post-notes","Simple Post Notes","1.8.1","Kuba Mikita","https:\u002F\u002Fprofiles.wordpress.org\u002Fkubitomakita\u002F","\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple note section on the post edit screen\u003C\u002Fli>\n\u003Cli>Sortable note column in posts table\u003C\u002Fli>\n\u003Cli>Bulk \u002F Quick edit support\u003C\u002Fli>\n\u003Cli>Shortcode which will display the note on the front end\u003C\u002Fli>\n\u003Cli>Ability to change the “Note” title and add a help text for editors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Our other plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbracketspace.com\u002Fnotification\u002F\" rel=\"nofollow ugc\">Notification – notification system for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-cron-manager\u002F\" rel=\"ugc\">Advanced Cron Manager\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-watermark\u002F\" rel=\"ugc\">Easy Watermark\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom development\u003C\u002Fh4>\n\u003Cp>BracketSpace – the company behind this plugin provides 
\u003Ca href=\"https:\u002F\u002Fbracketspace.com\u002Fcustom-development\u002F\" rel=\"nofollow ugc\">custom WordPress plugin development services\u003C\u002Fa>. We can create any custom plugin for you.\u003C\u002Fp>\n\u003Cp>\u003Cem>Cover photo \u003Ca href=\"http:\u002F\u002Fwww.freepik.com\" rel=\"nofollow ugc\">designed by Freepik\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n","Adds simple notes to post, page and custom post type edit screen.",10000,85638,24,"2025-09-04T06:29:00.000Z","6.8.5","6.0","7.0",[106,21,22,107,24],"info","post-info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-post-notes.1.8.1.zip",98,3,"2024-07-09 00:00:00",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":49,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":130,"download_link":131,"security_score":132,"vuln_count":133,"unpatched_count":29,"last_vuln_date":134,"fetched_at":31},"plugin-notes-plus","Plugin Notes Plus","1.2.10","jamiebergen","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamiebergen\u002F","\u003Cp>Have you ever returned to a site that you built a while back and asked, “Why did I install this plugin?” This plugin provides an extra column on the Plugins page that enables you to add, edit, or delete notes about the plugins you have installed on a particular site. 
These notes are intended to provide documentation regarding why a particular plugin was installed and how or where it’s being used.\u003C\u002Fp>\n\u003Cp>Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add as many or as few notes as you need for each plugin.\u003C\u002Fli>\n\u003Cli>Edit or delete notes as desired.\u003C\u002Fli>\n\u003Cli>Select an icon to go with each note to quickly convey what type of content it contains (e.g., info, warning, link, etc.)\u003C\u002Fli>\n\u003Cli>Format notes using basic HTML tags if desired.\u003C\u002Fli>\n\u003Cli>Any links included in the note will be automatically converted to \u003Ccode>target=\"_blank\"\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Notes are added and updated via Ajax, avoiding slow page reloads.\u003C\u002Fli>\n\u003Cli>Notes also display on the WordPress Updates page for any plugins that need to be updated.\u003C\u002Fli>\n\u003Cli>A filter is provided if you would like to display notes beneath the plugin description instead of in a separate column.\u003C\u002Fli>\n\u003Cli>A filter is available to selectively hide or display plugin notes in the admin.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a column to the Plugins page where you can add, edit, or delete notes about a plugin.",9000,75205,61,"2025-03-20T00:08:00.000Z","6.7.5","6.2","5.6",[20,128,129],"plugin-notes","plugins","https:\u002F\u002Fgithub.com\u002Fjamiebergen\u002Fplugin-notes-plus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-notes-plus.1.2.10.zip",91,2,"2024-08-16 00:00:00",{"slug":128,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":49,"num_ratings":144,"last_updated":145,"tested_up_to":146,"requires_at_least":147,"requires_php":67,"tags":148,"homepage":150,"download_link":151,"security_score":152,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"Plugin Notes","1.6","Mohammad 
Jangda","https:\u002F\u002Fprofiles.wordpress.org\u002Fbatmoo\u002F","\u003Cp>Allows you to add notes to plugins. Useful when you’re using lots of plugins and\u002For make modifications to a plugin and want to make a note of them, and\u002For work on your WordPress install with a group of people. This plugin was inspired by a post by \u003Ca href=\"http:\u002F\u002Fdigwp.com\" rel=\"nofollow ugc\">Chris Coyier\u003C\u002Fa>: (http:\u002F\u002Fdigwp.com\u002F2009\u002F10\u002Fideas-for-plugins\u002F)\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add\u002Fedit\u002Fdelete notes for each plugin on the plugin page\u003C\u002Fli>\n\u003Cli>You can use HTML in notes (v1.1+)\u003C\u002Fli>\n\u003Cli>You can use \u003Ca href=\"http:\u002F\u002Fdaringfireball.net\u002Fprojects\u002Fmarkdown\u002Fsyntax\" rel=\"nofollow ugc\">markdown syntax\u003C\u002Fa> in notes (v1.5+)\u003C\u002Fli>\n\u003Cli>You can use a number of variables which will be automagically replaced when the note displays (v1.5+)\u003C\u002Fli>\n\u003Cli>Save a note as a template for new notes (v1.5+)\u003C\u002Fli>\n\u003Cli>You can color-code notes to see in one glance what’s up or down (v1.6+)\u003C\u002Fli>\n\u003Cli>Links within note automagically have \u003Ccode>target=\"_blank\"\u003C\u002Fcode> added so you won’t accidently leave your site while working with the plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please have a look at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-notes\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for more information about these features.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Markdown script\u003C\u002Fstrong>: \u003Ca href=\"http:\u002F\u002Fmichelf.ca\u002Fprojects\u002Fphp-markdown\u002F\" rel=\"nofollow ugc\">PHP Markdown 1.0.1.o\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>External link indicator\u003C\u002Fstrong>: liberally nicked from the \u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbwp-external-links\u002F\" rel=\"ugc\">Better WP External Links\u003C\u002Fa> plugin\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Dutch – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fjrf\" rel=\"ugc\">jrf\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please help us make this plugin available in more language by translating it. See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-notes\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for more info.\u003C\u002Fp>\n","Allows you to add notes to plugins.",500,14446,26,"2015-07-16T22:45:00.000Z","4.2.39","3.5",[20,149,128,129],"meta","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-notes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-notes.1.6.zip",85,{"attackSurface":154,"codeSignals":195,"taintFlows":235,"riskAssessment":236,"analyzedAt":244},{"hooks":155,"ajaxHandlers":180,"restRoutes":192,"shortcodes":193,"cronEvents":194,"entryPointCount":110,"unprotectedCount":29},[156,162,166,170,175],{"type":157,"name":158,"callback":159,"file":160,"line":161},"action","add_meta_boxes","yydev_notes_register_meta_boxes","index.php",45,{"type":157,"name":163,"callback":164,"file":160,"line":165},"wp_dashboard_setup","yydev_notes_dashboard_widgets",66,{"type":157,"name":167,"callback":168,"file":160,"line":169},"pre_post_update","yydev_notes_insert_to_database",89,{"type":171,"name":172,"callback":173,"priority":81,"file":160,"line":174},"filter","plugin_action_links","closure",134,{"type":157,"name":176,"callback":177,"file":178,"line":179},"admin_notices","yydev_notes_admin_notice","notices.php",274,[181,186,189],{"action":182,"nopriv":183,"callback":182,"hasNonce":184,"hasCapCheck":184,"file":160,"line":185},"yydev_notes_save_dashboard_data",false,true,126,{"action":187,"nopriv":183,"callback":187,"hasNonce":184,"hasCapCheck":184,"file":178,"line":188},"yydev_notes_stop_notic
e_forever",62,{"action":190,"nopriv":183,"callback":190,"hasNonce":184,"hasCapCheck":184,"file":178,"line":191},"yydev_notes_stop_notice_for_now",84,[],[],[],{"dangerousFunctions":196,"sqlUsage":197,"outputEscaping":210,"fileOperations":29,"externalRequests":29,"nonceChecks":232,"capabilityChecks":233,"bundledLibraries":234},[],{"prepared":29,"raw":110,"locations":198},[199,203,206],{"file":200,"line":201,"context":202},"include\\admin-output.php",36,"$wpdb->get_row() with variable interpolation",{"file":204,"line":201,"context":205},"include\\insert-to-db.php","$wpdb->query() with variable interpolation",{"file":207,"line":208,"context":209},"include\\install.php",14,"$wpdb->get_var() with variable interpolation",{"escaped":122,"rawEcho":211,"locations":212},9,[213,216,218,220,221,223,226,228,230],{"file":200,"line":214,"context":215},90,"raw output",{"file":200,"line":217,"context":215},111,{"file":200,"line":219,"context":215},131,{"file":200,"line":219,"context":215},{"file":200,"line":222,"context":215},146,{"file":224,"line":225,"context":215},"include\\script.php",140,{"file":178,"line":227,"context":215},119,{"file":178,"line":229,"context":215},136,{"file":178,"line":231,"context":215},154,5,7,[],[],{"summary":237,"deductions":238},"The \"page-post-notes\" plugin v1.3.5 presents a mixed security posture. While the static analysis indicates a positive trend with a large percentage of outputs properly escaped and a robust implementation of nonces and capability checks, there are significant concerns regarding its handling of SQL queries. All observed SQL queries are executed without prepared statements and interpolate variables directly into the query text, which, even with the absence of identified taint flows in this analysis, poses a substantial risk of SQL injection if any interpolated value can be influenced by a user. The plugin's vulnerability history, though currently showing no unpatched CVEs, reveals a past medium-severity vulnerability attributed to Missing Authorization. 
This historical context, combined with the lack of prepared statements, suggests a potential for recurring authorization or injection issues if not addressed rigorously.\n\nOverall, the plugin demonstrates good practices in areas like output escaping and nonce and capability checks on its entry points. However, the universal reliance on raw SQL queries is a critical weakness that elevates the risk profile. The absence of taint analysis findings in this specific scan doesn't negate the inherent danger of SQL built by variable interpolation. A proactive approach focusing on refactoring SQL queries to use prepared statements ($wpdb->prepare()) is strongly recommended to mitigate these risks and improve the plugin's long-term security.",[239,242],{"reason":240,"points":241},"SQL queries do not use prepared statements",15,{"reason":243,"points":81},"Past medium severity vulnerability (Missing Authorization)","2026-03-16T18:44:32.752Z",{"wat":246,"direct":259},{"assetPaths":247,"generatorPatterns":256,"scriptPaths":257,"versionParams":258},[248,249,250,251,252,253,254,255],"\u002Fwp-content\u002Fplugins\u002Fpage-post-notes\u002Finclude\u002Fadmin-output.php","\u002Fwp-content\u002Fplugins\u002Fpage-post-notes\u002Finclude\u002Ffunctions.php","\u002Fwp-content\u002Fplugins\u002Fpage-post-notes\u002Finclude\u002Finstall.php","\u002Fwp-content\u002Fplugins\u002Fpage-post-notes\u002Finclude\u002Finsert-to-db.php","\u002Fwp-content\u002Fplugins\u002Fpage-post-notes\u002Finclude\u002Fscript.php","\u002Fwp-content\u002Fplugins\u002Fpage-post-notes\u002Finclude\u002Fsettings.php","\u002Fwp-content\u002Fplugins\u002Fpage-post-notes\u002Finclude\u002Fstyle.php","\u002Fwp-content\u002Fplugins\u002Fpage-post-notes\u002Fnotices.php",[],[252],[],{"cssClasses":260,"htmlComments":261,"htmlAttributes":266,"restEndpoints":269,"jsGlobals":271,"shortcodeOutput":273},[],[262,263,264,265],"\u003C!-- Start: YYDevelopment Page\u002FPost Notes -->","\u003C!-- End: YYDevelopment Page\u002FPost Notes -->","\u003C!-- Start: Dashboard Notes 
-->","\u003C!-- End: Dashboard Notes -->",[267,268],"data-page-id","data-post-id",[270],"\u002Fwp-json\u002Fyydev-notes\u002Fv1\u002Fsave",[272],"yydev_notes_ajax_object",[]]