Sentinote Security & Risk Analysis

wordpress.org/plugins/sentinote

Sentinote converts your notes into WordPress posts or pages. Keep using Evernote and when you’re ready to publish assign the “published” tag.

10 active installs · v1.1.4 · PHP + WP 3.2+ · Updated Apr 28, 2014
Tags: autoblog, evernote, integration
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sentinote Safe to Use in 2026?

Generally Safe

Score 85/100

Sentinote has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The 'sentinote' plugin version 1.1.4 exhibits a generally positive security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and any recorded vulnerabilities is a significant strength, suggesting a history of responsible development and patching.

However, several concerns are raised by the static analysis. The most notable is the low percentage of properly escaped output (17%), indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. While no direct taint flows or dangerous functions were identified, the unescaped output could still lead to the execution of malicious scripts in the context of a logged-in user.

Furthermore, the plugin lacks nonce and capability checks across its entry points. While there are no unprotected AJAX handlers or REST API routes reported, the absence of these fundamental security mechanisms on shortcodes and cron events is a significant weakness. This could allow for unauthorized actions or unintended behavior if these entry points are triggered maliciously. The presence of file operations also warrants attention: without proper sanitization, they could lead to arbitrary file read/write vulnerabilities. Overall, while the plugin benefits from a clean vulnerability history, the identified code quality issues present a considerable risk that needs to be addressed.

Key Concerns

  • Low output escaping percentage
  • Missing nonce checks
  • Missing capability checks
  • File operations present
Vulnerabilities
None known

Sentinote Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Sentinote Release Timeline

v1.1.4 (Current)
Code Analysis
Analyzed Mar 17, 2026

Sentinote Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 15 (3 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

17% escaped · 18 total outputs
Attack Surface

Sentinote Attack Surface

Entry Points: 5
Unprotected: 0

Shortcodes 5

[tweet] inc\shortcodes.php:27
[youtube] inc\shortcodes.php:28
[vimeo] inc\shortcodes.php:29
[soundcloud] inc\shortcodes.php:30
[note-content] inc\shortcodes.php:67
WordPress Hooks 44
action sentinote_core_activated inc\activate.php:31
filter cron_schedules inc\activate.php:41
filter cron_schedules inc\activate.php:50
action sentinote_core_activated inc\activate.php:58
action rksnwp_every_x_minutes inc\activate.php:61
action sentinote_settings inc\admin-page.php:146
action sentinote_settings inc\admin-page.php:180
action admin_menu inc\admin-page.php:187
action admin_init inc\admin-page.php:193
action sentinote_register_settings inc\admin-page.php:199
action sentinote_register_settings inc\admin-page.php:229
action sentinote_sync_service inc\connect-evernote.php:134
filter sentinote_process_en_note_data inc\connect-evernote.php:181
filter sentinote_process_en_note_data inc\connect-evernote.php:210
filter sentinote_evernote_search_string inc\connect-evernote.php:220
filter sentinote_process_en_note_data inc\connect-evernote.php:288
filter sentinote_media_url_filter inc\connect-evernote.php:309
filter sentinote_process_en_note_data inc\connect-evernote.php:317
filter sentinote_process_en_note_data inc\connect-evernote.php:329
filter sentinote_process_en_note_data inc\connect-evernote.php:336
filter sentinote_process_en_note_data inc\connect-evernote.php:362
filter sentinote_process_en_note_data inc\connect-evernote.php:386
action sentinote_evernote_remove_posts inc\connect-evernote.php:424
action sentinote_perform_task inc\connect-service.php:26
action sentinote_core_deactivated inc\deactivate.php:27
action wp_enqueue_scripts inc\load-scripts.php:27
action sentinote_process_en_note inc\process-notes.php:93
action sentinote_process_wp_post_data inc\process-notes.php:105
action sentinote_process_wp_post_data inc\process-notes.php:113
action sentinote_process_wp_post_data inc\process-notes.php:120
action sentinote_process_wp_post_data inc\process-notes.php:143
action sentinote_process_wp_post_data inc\process-notes.php:160
action sentinote_process_wp_post_data inc\process-notes.php:177
action sentinote_process_wp_post_data inc\process-notes.php:187
action sentinote_process_wp_post_data inc\process-notes.php:211
action sentinote_process_wp_post_data inc\process-notes.php:225
action sentinote_after_post_edit inc\process-notes.php:231
action sentinote_after_post_edit inc\process-notes.php:240
action sentinote_after_post_edit inc\process-notes.php:247
action sentinote_after_post_edit inc\process-notes.php:262
action sentinote_after_post_edit inc\process-notes.php:276
action sentinote_after_post_edit inc\process-notes.php:305
action sentinote_after_post_edit inc\process-notes.php:310
filter sentinote_embed_shortcodes inc\shortcodes.php:39

Scheduled Events 2

rksnwp_every_x_minutes
rksnwp_every_x_minutes
Maintenance & Trust

Sentinote Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.9.40
Last updated: Apr 28, 2014
PHP min version
Downloads: 5K

Community Trust

Rating: 80/100
Number of ratings: 5
Active installs: 10
Developer Profile

Sentinote Developer Profile

rheinardkorf

4 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sentinote

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/sentinote/assets/style.css

HTML / DOM Fingerprints

CSS Classes: warning
Data Attributes: data-postid
Shortcode Output: [note-content] [tweet] [youtube] [vimeo]