WP-Safety

Sticky Note by Dolar Patel Security & Risk Analysis

wordpress.org/plugins/sticky-notes

A Simple plugin to generate Notice Text using Widget.

10 active installs v1.1 PHP + WP 4.2+ Updated Unknown
notice-boardnotice-widgetsticky-notes-widget
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Sticky Note by Dolar Patel Safe to Use in 2026?

Generally Safe

Score 100/100

Sticky Note by Dolar Patel has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "sticky-notes" plugin v1.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries by exclusively using prepared statements and has no recorded vulnerability history, suggesting a generally stable codebase. However, the static analysis reveals significant areas of concern. The presence of the `create_function` function is a critical vulnerability signal, as it is deprecated and can be a vector for remote code execution if user-supplied data is passed to it without strict sanitization. Furthermore, a substantial percentage of output is not properly escaped, posing a risk of cross-site scripting (XSS) vulnerabilities. The lack of any nonce or capability checks on entry points, coupled with a zero count for protected entry points, is alarming and leaves the plugin vulnerable to unauthorized actions or data manipulation.

Key Concerns

  • Dangerous function create_function used
  • Low output escaping percentage
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities
None known

Sticky Note by Dolar Patel Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Sticky Note by Dolar Patel Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
25
5 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("stn_plugin");'));widget_plugin.php:120

Output Escaping

17% escaped30 total outputs
Attack Surface

Sticky Note by Dolar Patel Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwidgets_initwidget_plugin.php:120
Maintenance & Trust

Sticky Note by Dolar Patel Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedUnknown
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings4
Active installs10
Alternatives

Sticky Note by Dolar Patel Alternatives

No alternatives data available yet.

Developer Profile

Sticky Note by Dolar Patel Developer Profile

DolarPatel

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Sticky Note by Dolar Patel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sticky-notes/assests/css/sticky.css/wp-content/plugins/sticky-notes/assests/js/jscolor.js
Script Paths
/wp-content/plugins/sticky-notes/assests/js/jscolor.js
Version Parameters
sticky-notes/assests/css/sticky.css?ver=sticky-notes/assests/js/jscolor.js?ver=

HTML / DOM Fingerprints

CSS Classes
sticky_coversticky_cover_titlesticky_cover_text
Data Attributes
data-field-iddata-field-name
FAQ

Frequently Asked Questions about Sticky Note by Dolar Patel