Does Plugin Notes have any unpatched vulnerabilities?

No. All known vulnerabilities in Plugin Notes have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Plugin Notes compatible with WordPress 4.2.39?

According to WordPress.org data, Plugin Notes 1.6 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is Plugin Notes updated?

Plugin Notes was last updated on Jul 16, 2015. Frequent updates are generally a positive security signal.

What is Plugin Notes's security score?

Plugin Notes has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Plugin Notes Security & Risk Analysis

wordpress.org/plugins/plugin-notes

Allows you to add notes to plugins.

500 active installs v1.6 PHP + WP 3.5+ Updated Jul 16, 2015

memometaplugin-notesplugins

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Plugin Notes Safe to Use in 2026?

Generally Safe

Score 85/100

Plugin Notes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "plugin-notes" v1.6 plugin demonstrates a generally good security posture with several strengths. The plugin has a very small attack surface, with only one entry point which is protected by authentication. Furthermore, all SQL queries are properly prepared, and a high percentage of output is correctly escaped, indicating awareness of common web vulnerabilities. The absence of any known CVEs or vulnerability history is a significant positive indicator, suggesting a history of secure development and maintenance.

However, a notable concern arises from the presence of the `create_function` dangerous function. While the taint analysis shows no unsanitized flows, the use of `create_function` can be a gateway for remote code execution vulnerabilities if not handled with extreme care, especially in conjunction with user-supplied input that might bypass other sanitization or validation. Although the current static analysis doesn't reveal specific exploitable taint flows, this function's inclusion warrants caution and review.

In conclusion, "plugin-notes" v1.6 appears to be a relatively secure plugin with good practices in place for handling data and entry points. The lack of historical vulnerabilities is reassuring. The primary weakness is the presence of the `create_function` call, which, while not currently exploitable based on the provided data, represents a potential risk that should ideally be refactored to more modern and safer PHP constructs.

Key Concerns

Use of dangerous function create_function

Vulnerabilities

None known

Plugin Notes Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Plugin Notes Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function$this->utf8_strlen = create_function('$text', 'return preg_match_all(inc\markdown\markdown.php:1647

Output Escaping

93% escaped41 total outputs

Attack Surface

Plugin Notes Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_plugin_notes_edit_commentplugin-notes.php:118

WordPress Hooks 22

filterthe_contentinc\markdown\markdown.php:82

filterthe_content_rssinc\markdown\markdown.php:83

filterget_the_excerptinc\markdown\markdown.php:84

filterget_the_excerptinc\markdown\markdown.php:85

filterthe_excerptinc\markdown\markdown.php:86

filterthe_excerpt_rssinc\markdown\markdown.php:87

filterthe_contentinc\markdown\markdown.php:91

filterget_the_excerptinc\markdown\markdown.php:92

filterpre_comment_contentinc\markdown\markdown.php:103

filterpre_comment_contentinc\markdown\markdown.php:104

filterpre_comment_contentinc\markdown\markdown.php:105

filterget_comment_textinc\markdown\markdown.php:106

filterget_comment_excerptinc\markdown\markdown.php:107

filterget_comment_excerptinc\markdown\markdown.php:108

filterplugin_row_metaplugin-notes.php:101

filterplugin_notes_noteplugin-notes.php:104

filterplugin_notes_noteplugin-notes.php:105

filterplugin_notes_noteplugin-notes.php:107

filterplugin_notes_noteplugin-notes.php:109

actionadmin_enqueue_scriptsplugin-notes.php:112

actionadmin_head-plugins.phpplugin-notes.php:115

actionadmin_initplugin-notes.php:486

Maintenance & Trust

Plugin Notes Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedJul 16, 2015

PHP min version

Downloads14K

Community Trust

Rating100/100

Number of ratings26

Active installs500

Alternatives

Plugin Notes Alternatives

Plugin Notes Plus

plugin-notes-plus

Adds a column to the Plugins page where you can add, edit, or delete notes about a plugin.

9K 2 CVEs

Lazy SEO

lazy-seo

The Lazy SEO plugin will help automatically optimize a site for SEO best practices using a specific set of SEO keywords and locations.

100 No CVEs

Plugin Notes Label

plugin-notes-label

100

Add your Notes to each plugin.

50 No CVEs

Search Taxonomy GT

search-taxonomy-gt

Search Taxonomy GT - This plugin adds a functionality inside the taxonomy metabox when inserting/editing posts for live taxonomy term search.

10 No CVEs

WP Social Integration

wp-social-integration

WP social integration brings login by facebook, adds basic & opengraph metadata, facebook social plugins anywhere in page

10 No CVEs

Developer Profile

Plugin Notes Developer Profile

Mohammad Jangda

5 plugins · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Plugin Notes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ