Role Based Help Notes Security & Risk Analysis

wordpress.org/plugins/role-based-help-notes

Help Notes/Posts private to assigned users of a WordPress role.

10 active installs · v2.5 · PHP 5.4+ · WP 3.5+ · Updated Sep 24, 2024
Tags: collaboration, notes, roles, teams, user
Score: 92
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Role Based Help Notes Safe to Use in 2026?

Generally Safe

Score 92/100

Role Based Help Notes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "role-based-help-notes" plugin v2.5 exhibits a generally strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly reduces the potential attack surface. The code also demonstrates good practices by using prepared statements for all SQL queries and implementing a substantial number of nonce and capability checks. File operations and external HTTP requests are also absent, further limiting potential vulnerabilities.

However, there are areas for improvement. While the taint analysis shows no critical or high severity flows, the low number of total flows analyzed (2) suggests that the analysis might not be exhaustive. The output escaping, while at 71%, still leaves approximately 29% of outputs unescaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not properly handled in those instances. The vulnerability history is a positive indicator, with zero recorded CVEs, suggesting a history of secure development or effective patching by the maintainers.

In conclusion, the plugin appears to be relatively secure, with no immediate critical vulnerabilities identified. The developers have implemented several core security best practices. The primary concern lies with the potential for unescaped output, which warrants further investigation and remediation. The limited scope of the taint analysis is also a minor point of caution.

Key Concerns

  • Unescaped output detected
Vulnerabilities
None known

Role Based Help Notes Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Role Based Help Notes Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 74 (178 escaped)
Nonce Checks: 8
Capability Checks: 24
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

71% escaped, 252 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
field_roles_for_group_email_custom_save (includes\plugin-compatibility\email-users\class-rbhn-email-users-group-settings.php:87)
Attack Surface

Role Based Help Notes Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 69
filter map_meta_cap includes\class-rbhn-capabilities.php:22
filter map_meta_cap includes\class-rbhn-capabilities.php:25
filter map_meta_cap includes\class-rbhn-capabilities.php:28
filter posts_where includes\class-rbhn-capabilities.php:31
filter ajax_query_attachments_args includes\class-rbhn-capabilities.php:32
filter map_meta_cap includes\class-rbhn-capabilities.php:413
filter posts_where includes\class-rbhn-capabilities.php:457
filter map_meta_cap includes\class-rbhn-capabilities.php:481
action admin_enqueue_scripts includes\class-rbhn-pointers.php:10
action admin_print_footer_scripts includes\class-rbhn-pointers.php:74
action admin_print_footer_scripts includes\class-rbhn-pointers.php:82
action init includes\class-rbhn-taxonomy.php:47
action restrict_manage_posts includes\class-rbhn-taxonomy.php:49
filter parse_query includes\class-rbhn-taxonomy.php:51
action init includes\class-tabbed-settings.php:73
action admin_init includes\class-tabbed-settings.php:75
action admin_menu includes\class-tabbed-settings.php:77
action init includes\class-tgm-plugin-activation.php:268
filter load_textdomain_mofile includes\class-tgm-plugin-activation.php:269
action init includes\class-tgm-plugin-activation.php:272
action admin_menu includes\class-tgm-plugin-activation.php:421
action admin_head includes\class-tgm-plugin-activation.php:422
filter install_plugin_complete_actions includes\class-tgm-plugin-activation.php:425
filter update_plugin_complete_actions includes\class-tgm-plugin-activation.php:426
action admin_notices includes\class-tgm-plugin-activation.php:429
action admin_init includes\class-tgm-plugin-activation.php:430
action admin_enqueue_scripts includes\class-tgm-plugin-activation.php:431
action load-plugins.php includes\class-tgm-plugin-activation.php:436
action switch_theme includes\class-tgm-plugin-activation.php:439
action switch_theme includes\class-tgm-plugin-activation.php:442
action admin_init includes\class-tgm-plugin-activation.php:447
action switch_theme includes\class-tgm-plugin-activation.php:452
action admin_head includes\class-tgm-plugin-activation.php:456
action load_textdomain_mofile includes\class-tgm-plugin-activation.php:478
filter upgrader_source_selection includes\class-tgm-plugin-activation.php:892
action plugins_loaded includes\class-tgm-plugin-activation.php:2133
filter tgmpa_table_data_items includes\class-tgm-plugin-activation.php:2257
filter upgrader_source_selection includes\class-tgm-plugin-activation.php:3000
action admin_init includes\class-tgm-plugin-activation.php:3170
action upgrader_process_complete includes\class-tgm-plugin-activation.php:3265
filter upgrader_post_install includes\class-tgm-plugin-activation.php:3324
filter upgrader_post_install includes\class-tgm-plugin-activation.php:3469
filter rbhn_author_url includes\plugin-compatibility\buddypress\buddypress.php:14
filter rbhn_settings includes\plugin-compatibility\email-users\class-rbhn-email-users-group-settings.php:25
filter editable_roles includes\plugin-compatibility\email-users\class-rbhn-email-users-group-settings.php:241
filter mailusers_manipulate_headers includes\plugin-compatibility\email-users\email-users-custom.php:32
action current_screen includes\plugin-compatibility\email-users\email-users-custom.php:53
filter rbhn_settings includes\plugin-compatibility\plugin-compatibility.php:111
filter rbhn_contents_page_role_listing_title includes\plugin-compatibility\tabby-responsive-tabs\tabby-responsive-tabs.php:19
filter rbhn_contents_page_role_listing includes\plugin-compatibility\tabby-responsive-tabs\tabby-responsive-tabs.php:20
filter rbhn_contents_page_role_final_listing includes\plugin-compatibility\tabby-responsive-tabs\tabby-responsive-tabs.php:21
action wp_enqueue_scripts includes\plugin-compatibility\tabby-responsive-tabs\tabby-responsive-tabs.php:22
action rbhn_create_content_section includes\plugin-compatibility\tabby-responsive-tabs\tabby-responsive-tabs.php:25
action tgmpa_register includes\plugin-install.php:10
action tabbed_settings_after_update includes\settings.php:23
action widgets_init includes\widgets.php:15
action after_setup_theme role-based-help-notes.php:60
action after_setup_theme role-based-help-notes.php:63
action generate_rewrite_rules role-based-help-notes.php:66
action admin_init role-based-help-notes.php:69
action admin_menu role-based-help-notes.php:70
action init role-based-help-notes.php:73
action admin_init role-based-help-notes.php:76
action admin_notices role-based-help-notes.php:77
filter the_content role-based-help-notes.php:80
filter pre_get_posts role-based-help-notes.php:83
action admin_print_footer_scripts role-based-help-notes.php:86
action wp_enqueue_scripts role-based-help-notes.php:89
action generate_rewrite_rules role-based-help-notes.php:969
Maintenance & Trust

Role Based Help Notes Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Sep 24, 2024
PHP min version: 5.4
Downloads: 14K

Community Trust

Rating: 92/100
Number of ratings: 10
Active installs: 10
Developer Profile

Role Based Help Notes Developer Profile

Justin Fletcher

5 plugins · 290 total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Role Based Help Notes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/role-based-help-notes/js/contents-page.js
/wp-content/plugins/role-based-help-notes/js/contents-page-scroll-to-section.js
Script Paths
js/contents-page.js
js/contents-page-scroll-to-section.js
Version Parameters
role-based-help-notes/role-based-help-notes.php?ver=
js/contents-page.js?ver=
js/contents-page-scroll-to-section.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- rbhn_content_editable -->
Data Attributes
data-rbhn-post-id
JS Globals
rbhn_content_editable
FAQ

Frequently Asked Questions about Role Based Help Notes