Does ST Admin Notes have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ST Admin Notes compatible with WordPress 6.9.4?

According to WordPress.org data, ST Admin Notes 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is ST Admin Notes compatible with PHP 7.2+?

ST Admin Notes requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ST Admin Notes updated?

ST Admin Notes was last updated on Jan 15, 2026. Frequent updates are generally a positive security signal.

What is ST Admin Notes's security score?

ST Admin Notes has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ST Admin Notes Security & Risk Analysis

wordpress.org/plugins/st-admin-notes

A lightweight draggable admin notes plugin that lets you create sticky notes directly in the WordPress admin area.

0 active installs v1.0.0 PHP 7.2+ WP 5.0+ Updated Jan 15, 2026

adminadmin-toolsnotesproductivitysticky-notes

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ST Admin Notes Safe to Use in 2026?

Generally Safe

Score 100/100

ST Admin Notes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The st-admin-notes plugin version 1.0.0 exhibits a mixed security posture. On the positive side, the code demonstrates strong adherence to secure coding practices regarding SQL queries, ensuring all are properly prepared, and all output is correctly escaped. Furthermore, there are no recorded vulnerabilities (CVEs) or past security incidents, suggesting a historically stable plugin. However, a significant concern arises from the attack surface analysis. The plugin exposes 5 AJAX handlers, all of which are missing authentication checks. This creates a direct and critical pathway for unauthenticated users to interact with potentially sensitive functionalities. While taint analysis shows no immediate issues, the unprotected AJAX endpoints represent a substantial risk that could be exploited if any of these handlers are susceptible to manipulation. The presence of nonce checks and capability checks on some functions is a positive indicator, but their absence on all AJAX handlers negates much of this benefit. The plugin would significantly improve its security by implementing proper authentication and authorization on all AJAX endpoints.

Key Concerns

AJAX handlers without authentication checks
Large attack surface from unprotected AJAX handlers

Vulnerabilities

None known

ST Admin Notes Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ST Admin Notes Release Timeline

v1.0.0Current

Code Analysis

Analyzed Apr 16, 2026

ST Admin Notes Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

81 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped81 total outputs

Attack Surface

5 unprotected

ST Admin Notes Attack Surface

Entry Points5

Unprotected5

AJAX Handlers 5

authwp_ajax_stn_update_noteincludes/class-st-admin-notes.php:52

authwp_ajax_stn_delete_noteincludes/class-st-admin-notes.php:53

authwp_ajax_stn_add_noteincludes/class-st-admin-notes.php:54

authwp_ajax_stn_toggle_overlayincludes/class-st-admin-notes.php:55

authwp_ajax_stn_fetch_notesincludes/class-st-admin-notes.php:56

WordPress Hooks 6

actionplugins_loadedincludes/class-st-admin-notes.php:39

actionadmin_enqueue_scriptsincludes/class-st-admin-notes.php:47

actionadmin_enqueue_scriptsincludes/class-st-admin-notes.php:48

actionadmin_menuincludes/class-st-admin-notes.php:49

actionadmin_footerincludes/class-st-admin-notes.php:50

actionadmin_bar_menuincludes/class-st-admin-notes.php:51

Maintenance & Trust

ST Admin Notes Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 15, 2026

PHP min version7.2

Downloads136

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

ST Admin Notes Alternatives

Sticky Notes for WP Dashboard

wb-sticky-notes

Create sticky notes in your WP admin for reminders and to-dos. Restrict notes by user roles and disable them on specific pages.

1K 1 CVE

Noted!

noted

A simple, lightweight, and user-friendly note-taking system within the WordPress admin.

900 No CVEs

Custom Sticky Notes

custom-sticky-notes

Add simple sticky notes in the WordPress admin bar.

20 No CVEs

T4P Dashboard Notes

t4p-dashboard-notes

100

Add colored, formatted dashboard notes with titles and drag-and-drop widgets for internal admin documentation and reminders.

10 No CVEs

AdminHero

admin-hero

100

Admin notes for website administrators, accessible via a modal that lets you write, edit, and save notes directly within the WordPress dashboard.

0 No CVEs

Developer Profile

ST Admin Notes Developer Profile

subhamt411

2 plugins · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ST Admin Notes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/st-admin-notes/admin/css/st-admin-notes-admin.css

Script Paths

/wp-content/plugins/st-admin-notes/admin/js/st-admin-notes-admin.js

Version Parameters

st-admin-notes-admin.css?ver=st-admin-notes-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

st-notes-admin-card

Data Attributes

data-stn-iddata-stn-colordata-stn-titledata-stn-contentdata-stn-activedata-stn-pos-x+4 more

JS Globals

st_admin_notes_data

FAQ