[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAayW0gevltPEmPvMeQOlIH3FVRg98pCPgJJYmpGXgK0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":78,"crawl_stats":38,"alternatives":86,"analysis":177,"fingerprints":264},"simple-post-notes","Simple Post Notes","1.8.1","Kuba Mikita","https:\u002F\u002Fprofiles.wordpress.org\u002Fkubitomakita\u002F","\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple note section on the post edit screen\u003C\u002Fli>\n\u003Cli>Sortable note column in posts table\u003C\u002Fli>\n\u003Cli>Bulk \u002F Quick edit support\u003C\u002Fli>\n\u003Cli>Shortcode which will display the note on the front end\u003C\u002Fli>\n\u003Cli>Ability to change the “Note” title and add a help text for editors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Our other plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbracketspace.com\u002Fnotification\u002F\" rel=\"nofollow ugc\">Notification – notification system for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-cron-manager\u002F\" rel=\"ugc\">Advanced Cron Manager\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-watermark\u002F\" rel=\"ugc\">Easy Watermark\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom development\u003C\u002Fh4>\n\u003Cp>BracketSpace – the company behind this plugin provides \u003Ca href=\"https:\u002F\u002Fbracketspace.com\u002Fcustom-development\u002F\" rel=\"nofollow ugc\">custom WordPress plugin development services\u003C\u002Fa>. 
We can create any custom plugin for you.\u003C\u002Fp>\n\u003Cp>\u003Cem>Cover photo \u003Ca href=\"http:\u002F\u002Fwww.freepik.com\" rel=\"nofollow ugc\">designed by Freepik\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n","Adds simple notes to post, page and custom post type edit screen.",10000,85638,100,24,"2025-09-04T06:29:00.000Z","6.8.5","6.0","7.0",[20,21,22,23,24],"info","note","notes","post-info","post-notes","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-post-notes.1.8.1.zip",98,3,0,"2024-07-09 00:00:00","2026-03-15T15:16:48.613Z",[33,49,64],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-37562","simple-post-notes-authenticated-administrator-stored-cross-site-scripting","Simple Post Notes \u003C= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Simple Post Notes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.7.7","1.7.8","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-07-30 20:08:37",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa256e11e-b59d-4ce1-ac52-da89789e97a9?source=api-prod",22,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2024-31935","simple-post-notes-cross-site-request-forgery","Simple Post Notes \u003C= 1.7.6 - Cross-Site Request Forgery","The Simple Post Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.7.7 (exclusive). This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as clicking on a link. 
The impact of this vulnerability is unknown.","\u003C1.7.7","1.7.7",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-04-10 00:00:00","2024-04-16 15:20:20",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5a7bb428-dd65-47f7-aaf6-ecdad4ae3049?source=api-prod",7,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":41,"cvss_score":71,"cvss_vector":72,"vuln_type":44,"published_date":73,"updated_date":74,"references":75,"days_to_patch":77},"CVE-2022-2186","simple-post-notes-subscriber-stored-cross-site-scripting","Simple Post Notes \u003C= 1.7.5 - Subscriber+ Stored Cross-Site Scripting","The Simple Post Notes plugin for WordPress is vulnerable to subscriber+ Stored Cross-Site Scripting via the 'spnote' parameter saved via the save_bulkedit_note() function which gets called through the wp_ajax_spnote_save_bulk_edit AJAX action. 
This affects versions up to 1.7.6 (exclusive; the stored XSS is fixed in 1.7.6), but version 1.7.6 is still vulnerable to unauthorized post note changes by subscriber-level users due to a missing capability check on the spnote_save_bulk_edit action.","\u003C=1.7.5","1.7.6",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2022-06-22 00:00:00","2024-01-22 19:56:02",[76],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8260a74a-e338-42f6-ad9d-cb30f1a9bc86?source=api-prod",580,{"slug":79,"display_name":7,"profile_url":8,"plugin_count":80,"total_installs":81,"avg_security_score":82,"avg_patch_time_days":83,"trust_score":84,"computed_at":85},"kubitomakita",9,50520,95,237,76,"2026-04-04T03:34:42.044Z",[87,102,124,143,160],{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":29,"downloaded":95,"rating":29,"num_ratings":29,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":25,"tags":99,"homepage":25,"download_link":101,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"plugmint-sticky-notes","Plugmint – Sticky Notes for Posts, Pages, Products & CPTs","1.0.0","MD.Ridwan","https:\u002F\u002Fprofiles.wordpress.org\u002Fridwan25\u002F","\u003Cp>Plugmint – Sticky Notes for Posts, Pages, Products & CPTs plugin lets adminis to attach short  notes inside the post editor. 
Notes are stored as post meta and are not visible on the front-end.\u003C\u002Fp>\n","A lightweight plugin to add private admin-only notes to posts, pages, products and on any custom post types.",133,"2025-12-09T17:24:00.000Z","6.9.4","5.0",[21,22,23,24,100],"product-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugmint-sticky-notes.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":97,"requires_at_least":98,"requires_php":115,"tags":116,"homepage":119,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":29,"last_vuln_date":123,"fetched_at":31},"page-post-notes","Page & Post Notes","1.3.5","yydevelopment","https:\u002F\u002Fprofiles.wordpress.org\u002Fyydevelopment\u002F","\u003Cp>The page & post notes plugin allow you to add notes on pages and posts on your wordpress website.\u003C\u002Fp>\n\u003Cp>With this plugin you will be able to easily create notes with important data and remove them if required.\u003C\u002Fp>\n\u003Ch4>Page & Post Notes Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The ability to add notes to all pages and posts on your wordpress websites\u003C\u002Fli>\n\u003Cli>The ability to add as many notes you want for each page and post\u003C\u002Fli>\n\u003Cli>The ability to remove notes you don’t want anymore\u003C\u002Fli>\n\u003Cli>The ability to change text direction to rtl and ltr\u003C\u002Fli>\n\u003Cli>The ability to add separator line to the text\u003C\u002Fli>\n\u003Cli>The ability to save notes also on wordpress dashbaord\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About the author & license\u003C\u002Fh4>\n\u003Cp>This plugin was brought to you for free by \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.com\u002F\" rel=\"nofollow ugc\">YYDevelopment\u003C\u002Fa> under GPLv2 license.\u003C\u002Fp>\n\u003Cp>The plugin 
is 100% free and we intend to keep it that way in the future as well. You are free to use this plugin and all our other \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.com\u002Fyydevelopment-wordpress-plugins\u002F\" rel=\"nofollow ugc\">free wordpress plugins\u003C\u002Fa> for your projects, your client’s projects or for anything else you need.\u003C\u002Fp>\n\u003Cp>If this plugin was helpful for you please share it online and if you get a chance to give it a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpage-post-notes\u002F#reviews\" rel=\"ugc\">positive review\u003C\u002Fa> we will appreciate that.\u003C\u002Fp>\n\u003Cp>If have any problems or questions regarding our page & post notes  plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fpage-post-notes\u002F\" rel=\"ugc\">submit a ticket\u003C\u002Fa> and we will be happy to help.\u003C\u002Fp>\n\u003Cp>By the way, we are based in Israel so we welcome you to visit our Hebrew site as well \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.co.il\u002F\" rel=\"nofollow ugc\">YYDevelopment Israel\u003C\u002Fa> if you are fellow Israeli.\u003C\u002Fp>\n\u003Ch4>Help support us with a coffee donation\u003C\u002Fh4>\n\u003Cp>Don’t you just hate it when you download a plugin and you find out that in order to use it you have to buy a pro version?\u003C\u002Fp>\n\u003Cp>Even bigger problem is when you use a plugin and then just out of the blue the developer decides to add a pro version and he either changes the way the plugin works or he converts some of the free functions to paid ones.\u003C\u002Fp>\n\u003Cp>We sure did hate that and a few years back we decided to start creating some of the plugins ourselves and we decided to share them all with the WordPress community \u003Cstrong>100% FREE\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Nowadays we have more than 15 plugins and you can download and use them all for free by \u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch\u002Fyydevelopment\u002F\" rel=\"ugc\">Clicking Here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you liked this plugin and you want to help support our cause, \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.com\u002Fcoffee-break\u002F?plugin=page-post-notes\" rel=\"nofollow ugc\">buy us a coffee\u003C\u002Fa>. Studies show that coffee helps with creating WordPress plugins.\u003C\u002Fp>\n","Simple plugin that allow you to notes on pages and posts",1000,14163,88,11,"2025-12-10T03:45:00.000Z","5.2.4",[117,21,22,118,24],"memo","page-notes","https:\u002F\u002Fwww.yydevelopment.com\u002Fyydevelopment-wordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-post-notes.1.3.5.zip",99,1,"2025-11-06 17:14:46",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":134,"num_ratings":135,"last_updated":136,"tested_up_to":97,"requires_at_least":137,"requires_php":25,"tags":138,"homepage":139,"download_link":140,"security_score":141,"vuln_count":122,"unpatched_count":122,"last_vuln_date":142,"fetched_at":31},"notely","Notely","1.9.0","Rocket Apps","https:\u002F\u002Fprofiles.wordpress.org\u002Fmikeyott\u002F","\u003Cp>Create admin text notes for any post, page or custom post type.\u003C\u002Fp>\n\u003Ch3>How To Use\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>Settings\u003C\u002Fstrong> -> \u003Cstrong>Notely\u003C\u002Fstrong>, choose which post types to enable for and set any other desired options.\u003C\u002Fli>\n\u003Cli>Hit the \u003Cstrong>Save Settings\u003C\u002Fstrong> button.\u003C\u002Fli>\n\u003Cli>You will now see a \u003Cstrong>Notes\u003C\u002Fstrong> metabox when you create or edit.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Official website and support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fnotely\" rel=\"ugc\">Notely support\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>More options with \u003Ca href=\"https:\u002F\u002Frocketapps.com.au\u002Fproduct\u002Fnotely-pro\u002F?origin=notely\" rel=\"nofollow ugc\">Notely Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketapps.com.au\u002Fshop\u002F?origin=notely\" rel=\"nofollow ugc\">More awesome plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frocketapps.com.au\u002Fwproject-theme\u002F?origin=notely\" rel=\"nofollow ugc\">Project Management built on WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Create admin text notes for any post, page or custom post type.",700,16889,96,13,"2026-03-04T01:09:00.000Z","4.0",[117,22,118,24],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnotely\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnotely.1.9.0.zip",78,"2025-09-26 00:00:00",{"slug":144,"name":145,"version":146,"author":147,"author_profile":148,"description":149,"short_description":150,"active_installs":151,"downloaded":152,"rating":29,"num_ratings":29,"last_updated":25,"tested_up_to":97,"requires_at_least":153,"requires_php":154,"tags":155,"homepage":25,"download_link":158,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":159},"beckin-post-notes","Beckin Post Notes","1.1.4","Beckin","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeckin\u002F","\u003Cp>\u003Cstrong>Beckin Post Notes\u003C\u002Fstrong> gives editors a fast, private way to attach notes to individual \u003Cem>posts, pages, and custom post types\u003C\u002Fem>, right where they work. Notes are stored as post meta and only visible to users who can edit the post.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why it’s unique\u003C\u002Fstrong>\u003Cbr \u002F>\n1. Most “notes” plugins add \u003Cem>global dashboard notes\u003C\u002Fem>. 
This one is \u003Cstrong>contextual\u003C\u002Fstrong>, notes live \u003Cem>on the post or page itself\u003C\u002Fem> and appear in the list table.\u003Cbr \u002F>\n2. \u003Cstrong>Zero clutter:\u003C\u002Fstrong> no admin menus, no persistent banners, no database tables.\u003Cbr \u002F>\n3. \u003Cstrong>Clean and compliant:\u003C\u002Fstrong> sanitized input, nonces, capability checks, no direct SQL.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\n– Side metabox labeled automatically (e.g. “Post Note” or “Page Note”).\u003Cbr \u002F>\n– “Note” column in the list table with a note 📝 icon when a note exists.\u003Cbr \u002F>\n– New \u003Cstrong>filter dropdown\u003C\u002Fstrong>: quickly show only posts \u003Cem>with\u003C\u002Fem> or \u003Cem>without\u003C\u002Fem> notes.\u003Cbr \u002F>\n– Only users who can edit the post can view or edit its note.\u003Cbr \u002F>\n– Extendable: use \u003Ccode>beckin_postnotes_supported_post_types\u003C\u002Fcode> to enable notes on custom post types.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Extendable Example\u003C\u002Fstrong>:\u003Cbr \u002F>\nSimply add a small snippet of code in a theme or by using a code snippet plugin\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'beckin_postnotes_supported_post_types', fn( $types ) => array_merge( $types, [ 'your_custom_post_type' ] ) );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>🌟 Like our plugin? Find it useful? Please consider sharing your experience by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbeckin-post-notes\u002Freviews\u002F\" rel=\"ugc\">leaving a review on WordPress.org\u003C\u002Fa>. 
Your feedback is instrumental to shaping our future growth!\u003C\u002Fp>\n","Add private admin notes to posts, pages, and custom post types - simple, fast, and clutter-free.",10,327,"6.8","8.0",[156,157,22,118,24],"admin-notes","custom-post-type-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeckin-post-notes.1.1.4.zip","2026-03-15T10:48:56.248Z",{"slug":161,"name":162,"version":163,"author":164,"author_profile":165,"description":166,"short_description":167,"active_installs":29,"downloaded":168,"rating":29,"num_ratings":29,"last_updated":169,"tested_up_to":170,"requires_at_least":137,"requires_php":25,"tags":171,"homepage":25,"download_link":175,"security_score":176,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"admin-backend-color-coded-post-notes","Admin Backend Color Coded Post Notes","0.2","The 215 Guys","https:\u002F\u002Fprofiles.wordpress.org\u002Fthe215guys\u002F","\u003Cp>Admin Backend Color Coded Post Notes is a simple yet powerful plugin that helps administrators leave color-coded notes on posts and pages within the WordPress editor. 
This ensures clear communication and organized editorial workflows.\u003C\u002Fp>\n\u003Cp>Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customizable Notes: Add notes to any post or page with your chosen color for easy identification.\u003C\u002Fli>\n\u003Cli>Easy to Use: Simple interface within the post editor for adding and viewing notes.\u003C\u002Fli>\n\u003Cli>Visual Indicators: Color-coded notes make it easy to spot important information at a glance.\u003C\u002Fli>\n\u003Cli>Admin Only: Notes are visible only to users with administrative privileges, ensuring they don’t affect front-end display.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use Cases\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Editorial Teams: Streamline communication and feedback directly within the post editor.\u003C\u002Fli>\n\u003Cli>Project Management: Keep track of tasks and progress with color-coded notes.\u003C\u002Fli>\n\u003Cli>Personal Notes: Administrators can leave reminders or important information about posts and pages.\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows administrators to leave color-coded notes on posts and pages within the editor, ensuring clear and organized 
communication.",917,"2024-08-01T16:03:00.000Z","6.6.5",[172,173,174,22,24],"admin","backend","color-coded","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-backend-color-coded-post-notes.0.2.zip",92,{"attackSurface":178,"codeSignals":236,"taintFlows":255,"riskAssessment":256,"analyzedAt":263},{"hooks":179,"ajaxHandlers":221,"restRoutes":228,"shortcodes":229,"cronEvents":234,"entryPointCount":235,"unprotectedCount":29},[180,187,190,192,196,200,204,207,210,213,217],{"type":181,"name":182,"callback":183,"priority":184,"file":185,"line":186},"action","admin_menu","registerPage",8,"simple-post-notes.php",75,{"type":181,"name":188,"callback":189,"priority":151,"file":185,"line":84},"admin_init","registerSettings",{"type":181,"name":188,"callback":191,"priority":151,"file":185,"line":141},"addColumns",{"type":181,"name":193,"callback":194,"priority":151,"file":185,"line":195},"admin_enqueue_scripts","enqueueScriptsAndStyles",80,{"type":181,"name":197,"callback":198,"file":185,"line":199},"add_meta_boxes","addMetaBox",82,{"type":181,"name":201,"callback":202,"file":185,"line":203},"save_post","saveNote",84,{"type":181,"name":201,"callback":205,"file":185,"line":206},"saveQuickeditNote",85,{"type":181,"name":208,"callback":209,"priority":151,"file":185,"line":112},"bulk_edit_custom_box","addQuickEditField",{"type":181,"name":211,"callback":209,"priority":151,"file":185,"line":212},"quick_edit_custom_box",89,{"type":181,"name":214,"callback":215,"file":185,"line":216},"pre_get_posts","queryOrderby",93,{"type":181,"name":218,"callback":219,"file":185,"line":220},"init","closure",575,[222],{"action":223,"nopriv":224,"callback":225,"hasNonce":226,"hasCapCheck":226,"file":185,"line":227},"spnote_save_bulk_edit",false,"saveBulkeditNote",true,86,[],[230],{"tag":231,"callback":232,"file":185,"line":233},"spnote","shortcodeCallback",91,[],2,{"dangerousFunctions":237,"sqlUsage":238,"outputEscaping":240,"fileOperations":29,"externalRequests":29,"nonceChecks":28,"capabi
lityChecks":250,"bundledLibraries":251},[],{"prepared":29,"raw":29,"locations":239},[],{"escaped":241,"rawEcho":28,"locations":242},20,[243,246,248],{"file":185,"line":244,"context":245},259,"raw output",{"file":185,"line":247,"context":245},491,{"file":185,"line":249,"context":245},534,4,[252],{"name":253,"version":38,"knownCves":254},"jQuery",[],[],{"summary":257,"deductions":258},"The static analysis of simple-post-notes v1.8.1 reveals a generally good security posture with several strong practices in place. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. The plugin also demonstrates robust use of nonces and capability checks for its entry points, and importantly, the taint analysis reported no tainted data flows (an empty static-analysis result, not proof that none exist). However, the vulnerability history presents a significant concern. The plugin has had three documented medium-severity vulnerabilities, including CSRF and XSS. While there are currently no unpatched vulnerabilities, the recurring nature of these issues suggests a pattern of introducing flaws that require patching, indicating potential weaknesses in the development or review process.\n\nThe primary risk lies not in the current code's direct entry points, which appear protected, but in the historical tendency for vulnerabilities to emerge. The past medium-severity XSS and CSRF issues, even if patched, highlight potential areas where input validation or output escaping might be insufficient in certain contexts or future updates. The high percentage of properly escaped outputs (87%) is positive, but the remaining 13% (three raw-output locations in simple-post-notes.php, at lines 259, 491 and 534) could still be a vector for the types of XSS vulnerabilities seen historically.  
While the plugin has strengths in its modern coding practices, the vulnerability history necessitates vigilance and suggests that ongoing security audits and thorough testing are crucial to prevent future occurrences of similar issues.",[259,261],{"reason":260,"points":241},"Historical medium severity vulnerabilities (3)",{"reason":262,"points":250},"13% of outputs not properly escaped","2026-03-16T17:50:49.423Z",{"wat":265,"direct":274},{"assetPaths":266,"generatorPatterns":268,"scriptPaths":269,"versionParams":271},[267],"\u002Fwp-content\u002Fplugins\u002Fsimple-post-notes\u002Fcss\u002Fsimple-post-notes.css",[],[270],"\u002Fwp-content\u002Fplugins\u002Fsimple-post-notes\u002Fjs\u002Fsimple-post-notes.js",[272,273],"simple-post-notes\u002Fcss\u002Fsimple-post-notes.css?ver=","simple-post-notes\u002Fjs\u002Fsimple-post-notes.js?ver=",{"cssClasses":275,"htmlComments":279,"htmlAttributes":280,"restEndpoints":283,"jsGlobals":284,"shortcodeOutput":285},[276,277,278],"inline-edit-col-right","inline-edit-group","spnote-",[],[281,282],"name=\"spnote\"","placeholder",[],[],[286],"[spnote]"]