[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdQHA6b0xX8b0z623TAMoXC9OmPSLfYAG1cBvhsBQSbc":3,"$fb_N8bM8sPGkIwGeQYKkpjxkIU43dmsta5UZqGGEZKzY":270,"$f0PgdnRc1DjV4YbbDzsipgQbXIXA8vStZDx69jTa8SBE":274},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":67,"crawl_stats":39,"alternatives":74,"analysis":169,"fingerprints":254},"user-notes","User Notes","2.0.0","cartpauj","https:\u002F\u002Fprofiles.wordpress.org\u002Fcartpauj\u002F","\u003Cp>This plugin adds a text editor area to each User Profile in the dashboard for Administrators to keep private notes about each User. The notes are ONLY visible to Administrators — that’s the whole point! It also adds a column to the “All Users” list where you can quickly see the note for the user without having to even open their profile.\u003C\u002Fp>\n\u003Cp>It is especially handy for \u003Ca href=\"http:\u002F\u002Fwww.memberpress.com\u002F?aff=20\" title=\"Best membership plugin for WordPress\" rel=\"nofollow ugc\">Membership Sites\u003C\u002Fa> where you may have thousands of members to deal with and need to remember special circumstances for them.\u003C\u002Fp>\n","Keep private notes about each of your users that only Administrators can see.",900,15223,96,15,"2026-04-12T20:46:00.000Z","6.9.4","6.0","",[20,21,22,23,24],"admin-notes","note","private-notes","secure-notes","user","https:\u002F\u002Fgithub.com\u002Fcartpauj\u002Fuser-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-notes.2.0.0.zip",98,2,0,"2025-09-26 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,52],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-60136","user-notes-authenticated-administrator-stored-cross-site-scripting","User Notes \u003C= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The User Notes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.0.2","1.0.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-26 15:19:16",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F703e251f-734d-4a7d-8b67-897aa6986b8c?source=api-prod",154,[],false,{"id":53,"url_slug":54,"title":55,"description":56,"plugin_slug":4,"theme_slug":39,"affected_versions":57,"patched_in_version":58,"severity":42,"cvss_score":59,"cvss_vector":60,"vuln_type":45,"published_date":61,"updated_date":62,"references":63,"days_to_patch":65,"patch_diff_files":66,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"WF-f5bdf47a-1116-4d3a-8ded-89d76b5a6f82-user-notes","user-notes-cross-site-scripting","User Notes \u003C= 1.0.1 - Cross-Site Scripting","The User Notes plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including 1.0.1, due to insufficient input sanitization and output escaping on the 'user_notes_note' parameter. This makes it possible for users with access to add user notes to inject malicious web scripts that could execute whenever a victim accesses a user's profile page.","\u003C=1.0.1","1.0.2",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2021-04-12 00:00:00","2024-01-22 19:56:02",[64],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff5bdf47a-1116-4d3a-8ded-89d76b5a6f82?source=api-prod",1016,[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":68,"total_installs":69,"avg_security_score":70,"avg_patch_time_days":71,"trust_score":72,"computed_at":73},6,31900,99,1225,78,"2026-05-19T20:42:01.266Z",[75,98,120,137,151],{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":95,"download_link":96,"security_score":97,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"a-note-above-wp-dashboard-notes","A Note Above – WP Dashboard Notes","2.0.2","brownbrowniebrownerson","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrownbrowniebrownerson\u002F","\u003Cp>A Note Above allows you to save notes on your WP Admin Dashboard. After installing A Note Above a widget will be added to your Dashboard. Add as many notes as you would like. Share your notes by role or keep a note to yourself.\u003Cbr \u002F>\nEach note is collapsed. Simply click on the title of your note to reveal the notes contents.\u003C\u002Fp>\n","A WordPress Note taking system to live on your WP Admin dashboard.",50,2069,100,1,"2023-11-12T00:57:00.000Z","6.4.8","5.0","7.0",[20,92,93,4,94],"dashboard-notes","notes","wp-notes","https:\u002F\u002Fjoshbrown-designs.com\u002Fa-note-above\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fa-note-above-wp-dashboard-notes.2.0.2.zip",85,{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":18,"tags":113,"homepage":116,"download_link":117,"security_score":118,"vuln_count":86,"unpatched_count":86,"last_vuln_date":119,"fetched_at":31},"admin-note","Admin Notes","1.1","minhlaobao","https:\u002F\u002Fprofiles.wordpress.org\u002Fminhlaobao\u002F","\u003Cp>WordPress admin note.\u003Cbr \u002F>\nThanks you for using plugin.\u003C\u002Fp>\n\u003Cp>Welcome to my site: http:\u002F\u002Fbegood.vn\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fbegood.vn\" rel=\"nofollow ugc\">Vietsub\u003C\u002Fa>\u003C\u002Fp>\n","Create notes for admin, one can assign to certain members easily.",10,2879,86,4,"2014-01-23T09:52:00.000Z","3.4.2","3.0.1",[99,114,115,20],"admin-note-add-user","admin-note-user","http:\u002F\u002Fchangeyourthinking.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-note.zip",63,"2025-06-05 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":29,"downloaded":128,"rating":29,"num_ratings":29,"last_updated":129,"tested_up_to":16,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":18,"download_link":136,"security_score":85,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"arunstheme-editorial-notes","Arunstheme Editorial Notes","1.1.1","Arun Paul","https:\u002F\u002Fprofiles.wordpress.org\u002Farunstheme\u002F","\u003Cp>Arunstheme Editorial Notes is a lightweight WordPress editorial workflow plugin that allows administrators and editors to add private internal notes to posts and pages.\u003C\u002Fp>\n\u003Cp>This plugin helps streamline content planning, editorial collaboration, and internal communication directly inside the WordPress dashboard.\u003C\u002Fp>\n\u003Cp>All notes remain completely private and never appear on the website front end.\u003C\u002Fp>\n\u003Cp>✨ Key Features:\u003C\u002Fp>\n\u003Cp>• Add private editorial notes to posts and pages\u003Cbr \u002F>\n• Editorial Status system (Not Started, In Progress, Done)\u003Cbr \u002F>\n• Modern badge-style status UI\u003Cbr \u002F>\n• Status column in Posts & Pages list\u003Cbr \u002F>\n• Filter posts by editorial status\u003Cbr \u002F>\n• Clean and lightweight admin interface\u003Cbr \u002F>\n• No impact on website performance\u003Cbr \u002F>\n• Fully admin-only visibility\u003C\u002Fp>\n\u003Cp>Whether you manage a blog, news site, agency workflow, or content team, Arunstheme Editorial Notes improves WordPress content organization and editorial workflow management.\u003C\u002Fp>\n\u003Ch3>Why Use Arunstheme Editorial Notes?\u003C\u002Fh3>\n\u003Cp>Managing multiple posts can become difficult without a proper internal tracking system. This plugin adds:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Internal editorial comments\u003C\u002Fli>\n\u003Cli>Content progress tracking\u003C\u002Fli>\n\u003Cli>Visual status indicators\u003C\u002Fli>\n\u003Cli>Admin-side filtering system\u003C\u002Fli>\n\u003Cli>Private post notes for teams\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It transforms WordPress into a more structured editorial management system without adding complexity.\u003C\u002Fp>\n","Private editorial notes and status manager for WordPress posts and pages. Filter, track, and manage content workflow easily.",172,"2026-02-23T12:05:00.000Z","5.5","7.2",[20,133,134,135,22],"content-planning","editorial-notes","post-status-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farunstheme-editorial-notes.1.1.1.zip",{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":29,"downloaded":145,"rating":85,"num_ratings":86,"last_updated":146,"tested_up_to":16,"requires_at_least":18,"requires_php":131,"tags":147,"homepage":18,"download_link":150,"security_score":85,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"biznotes","BizNotes","1.0.0","Devnet","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevnethr\u002F","\u003Cp>Simplify WooCommerce order collaboration with our lightweight plugin! Leave and access quick notes directly in the order preview window, streamlining teamwork for shop managers and admins. Effortless order management at your fingertips.\u003C\u002Fp>\n\u003Cp>Traditional order management in WooCommerce allows for notes, but the process can be cumbersome, requiring you to open each order individually. Our plugin transforms this experience by enabling admins to leave and view simple text notes directly within the order preview window. This means instant access to crucial information without the hassle of navigating through multiple screens.\u003C\u002Fp>\n\u003Cp>Lightweight and user-friendly, our plugin is a must-have for teams managing orders on WooCommerce. It’s a powerful tool that enhances teamwork by providing a quick and efficient way to communicate essential details about orders. Whether you’re coordinating with multiple admins or streamlining your own workflow, our plugin ensures that you can leave and access important notes effortlessly.\u003C\u002Fp>\n\u003Cp>No complex setup or unnecessary features — just a practical solution to optimize your order management process.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Quick Notes: Leave and access text notes instantly in the order preview window.\u003C\u002Fli>\n\u003Cli>Effortless Collaboration: Streamline teamwork among admins and managers for smoother order management.\u003C\u002Fli>\n\u003Cli>Lightweight Design: A simple and lightweight plugin that doesn’t bog down your WooCommerce store.\u003C\u002Fli>\n\u003Cli>User-Friendly Interface: Intuitive design for easy adoption by store owners and team members.\u003C\u002Fli>\n\u003Cli>Practical Solution: No unnecessary features, just a practical tool to simplify your WooCommerce order management.\u003C\u002Fli>\n\u003Cli>HPOS Compatibility: Fully compatible with High-performance order storage (HPOS), also known as “Custom Order Tables”, ensuring seamless integration with the latest WooCommerce updates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Early Development Notice\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>BizNotes\u003C\u002Fstrong> is in the early stages of development, and we’re committed to enhancing its features over time. We plan to introduce additional functionalities in future updates.\u003C\u002Fp>\n\u003Cp>Your feedback is invaluable! If you have specific requirements or suggestions, please feel free to request a feature in the support forum. We appreciate your support and look forward to making BizNotes even better with your input.\u003C\u002Fp>\n\u003Ch3>Who is plugin for?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>E-commerce Teams: Perfect for online stores with dedicated teams managing orders. Enhance communication among admins for smoother collaboration.\u003C\u002Fli>\n\u003Cli>Multi-Admin Stores: Streamline order management in stores with multiple admins. Improve coordination by leaving and viewing notes effortlessly.\u003C\u002Fli>\n\u003Cli>Teams on the Go: Suited for dynamic teams always on the move. Access important order notes without the need to navigate through multiple screens.\u003C\u002Fli>\n\u003Cli>Efficiency Seekers: For those who value efficiency, our plugin offers a quick and simple solution to optimize the order management process.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We’re here to help. Feel free to open a new thread on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbiznotes\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Reviews\u003C\u002Fh3>\n\u003Cp>It’s funny how much joy all those 5-star reviews bring to our team. It really keeps us going and motivates us to bring more cool features.\u003Cbr \u002F>\nIf you like this plugin, feel free to leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbiznotes\u002Freviews\u002F#new-post\" rel=\"ugc\">review\u003C\u002Fa>.\u003C\u002Fp>\n","Exclusive admin notes for seamless order management among multiple admins. Effortless collaboration, powered up.",1120,"2026-01-14T11:49:00.000Z",[20,148,149,22],"order-note","orders","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbiznotes.1.0.0.zip",{"slug":152,"name":153,"version":154,"author":155,"author_profile":156,"description":157,"short_description":158,"active_installs":159,"downloaded":160,"rating":85,"num_ratings":68,"last_updated":161,"tested_up_to":90,"requires_at_least":162,"requires_php":163,"tags":164,"homepage":18,"download_link":167,"security_score":70,"vuln_count":86,"unpatched_count":29,"last_vuln_date":168,"fetched_at":31},"wb-sticky-notes","Sticky Notes for WP Dashboard","1.2.6","Web Builder 143","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebbuilder143\u002F","\u003Cp>Need a simple way to stay organized inside your WordPress admin area? \u003Cstrong>Sticky Notes for WP Dashboard\u003C\u002Fstrong> lets you add customizable sticky notes right to your dashboard—just like the ones on your desk, but smarter.\u003C\u002Fp>\n\u003Cp>Use it to jot down reminders, create to-do lists, or leave quick notes for other users. Each note can be styled, resized, and moved around to fit the way you work. Whether you’re managing a personal site or running a team, Sticky Notes makes it easy to keep important information front and center.\u003C\u002Fp>\n\u003Ch3>Why you’ll love Sticky Notes for WP Dashboard:\u003C\u002Fh3>\n\u003Cp>– Create as many sticky notes as you need, anywhere in the admin dashboard\u003Cbr \u002F>\n– Change colors, fonts, and themes to match your style\u003Cbr \u002F>\n– Drag and drop notes to position them exactly where you want\u003Cbr \u002F>\n– Show or hide notes with one click\u003Cbr \u002F>\n– Duplicate, archive, and organize notes easily\u003Cbr \u002F>\n– Control who can access notes with user role restrictions\u003Cbr \u002F>\n– Option to hide notes on specific admin pages for a cleaner view\u003C\u002Fp>\n\u003Cp>With an intuitive interface and zero setup required, Sticky Notes for WP Dashboard is a must-have productivity tool for any WP site owner.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create sticky notes directly on your WP admin dashboard  \u003C\u002Fli>\n\u003Cli>Easy-to-use interface for quick note management  \u003C\u002Fli>\n\u003Cli>Customize notes with themes, colors, and fonts  \u003C\u002Fli>\n\u003Cli>Resizable and movable notes for better organization  \u003C\u002Fli>\n\u003Cli>Hide or show notes globally with one click  \u003C\u002Fli>\n\u003Cli>Duplicate notes with a single click  \u003C\u002Fli>\n\u003Cli>Archive notes for future reference  \u003C\u002Fli>\n\u003Cli>Disable sticky notes on specific admin pages  \u003C\u002Fli>\n\u003Cli>Limit note access by user roles\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Our Other Free Plugins\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwb-custom-product-tabs-for-woocommerce\u002F\" rel=\"ugc\">Custom Product Tabs for WooCommerce\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwb-mail-logger\u002F\" rel=\"ugc\">Mail Logger for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Create sticky notes in your WP admin for reminders and to-dos. Restrict notes by user roles and disable them on specific pages.",1000,17184,"2026-03-26T17:19:00.000Z","3.5.0","5.6",[20,92,93,165,166],"reminders","sticky-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwb-sticky-notes.1.2.6.zip","2025-12-31 00:00:00",{"attackSurface":170,"codeSignals":205,"taintFlows":213,"riskAssessment":248,"analyzedAt":253},{"hooks":171,"ajaxHandlers":201,"restRoutes":202,"shortcodes":203,"cronEvents":204,"entryPointCount":29,"unprotectedCount":29},[172,178,181,185,188,193,197],{"type":173,"name":174,"callback":175,"file":176,"line":177},"action","show_user_profile","user_notes_show_field","user-notes.php",52,{"type":173,"name":179,"callback":175,"file":176,"line":180},"edit_user_profile",53,{"type":173,"name":182,"callback":183,"file":176,"line":184},"personal_options_update","user_notes_save_note",68,{"type":173,"name":186,"callback":183,"file":176,"line":187},"edit_user_profile_update",69,{"type":189,"name":190,"callback":191,"file":176,"line":192},"filter","manage_users_columns","user_notes_add_users_column",76,{"type":173,"name":194,"callback":195,"priority":106,"file":176,"line":196},"manage_users_custom_column","user_notes_display_column",111,{"type":173,"name":198,"callback":199,"file":176,"line":200},"admin_enqueue_scripts","user_notes_enqueue_thickbox",120,[],[],[],[],{"dangerousFunctions":206,"sqlUsage":207,"outputEscaping":209,"fileOperations":29,"externalRequests":29,"nonceChecks":86,"capabilityChecks":28,"bundledLibraries":212},[],{"prepared":29,"raw":29,"locations":208},[],{"escaped":210,"rawEcho":29,"locations":211},14,[],[],[214,233],{"entryPoint":215,"graph":216,"unsanitizedCount":29,"severity":232},"user_notes_display_column (user-notes.php:78)",{"nodes":217,"edges":229},[218,223],{"id":219,"type":220,"label":221,"file":176,"line":222},"n0","source","$_SERVER",93,{"id":224,"type":225,"label":226,"file":176,"line":227,"wp_function":228},"n1","sink","echo() [XSS]",103,"echo",[230],{"from":219,"to":224,"sanitized":231},true,"low",{"entryPoint":234,"graph":235,"unsanitizedCount":29,"severity":232},"\u003Cuser-notes> (user-notes.php:0)",{"nodes":236,"edges":245},[237,240,241,243],{"id":219,"type":220,"label":238,"file":176,"line":239},"$_POST (x2)",64,{"id":224,"type":225,"label":226,"file":176,"line":85,"wp_function":228},{"id":242,"type":220,"label":221,"file":176,"line":222},"n2",{"id":244,"type":225,"label":226,"file":176,"line":227,"wp_function":228},"n3",[246,247],{"from":219,"to":224,"sanitized":231},{"from":242,"to":244,"sanitized":231},{"summary":249,"deductions":250},"The \"user-notes\" v1.0.4 plugin exhibits a strong security posture based on static analysis, with no identified vulnerabilities in attack surface, dangerous functions, raw SQL queries, unescaped output, file operations, or external HTTP requests. The presence of nonce and capability checks further strengthens its defensive mechanisms.  Taint analysis also revealed no critical or high severity vulnerabilities, indicating robust input sanitization and handling within the analyzed code flows.\n\nHowever, the plugin's vulnerability history presents a significant concern. With two known medium-severity CVEs, both of which have been addressed according to the data, it suggests a past pattern of security weaknesses. The historical prevalence of Cross-site Scripting (XSS) vulnerabilities, even if patched, indicates a need for continued vigilance. While the current version appears secure based on static analysis, past issues warrant a cautious approach and underscore the importance of timely updates.\n\nIn conclusion, \"user-notes\" v1.0.4 demonstrates excellent static security characteristics, aligning with best practices for secure WordPress plugin development. The absence of immediate threats from the code analysis is commendable. Nevertheless, the historical track record of medium-severity XSS vulnerabilities necessitates a careful evaluation and ongoing monitoring to ensure that past weaknesses do not resurface.",[251],{"reason":252,"points":106},"Past medium severity XSS vulnerabilities","2026-03-16T19:14:04.735Z",{"wat":255,"direct":260},{"assetPaths":256,"generatorPatterns":257,"scriptPaths":258,"versionParams":259},[],[],[],[],{"cssClasses":261,"htmlComments":263,"htmlAttributes":264,"restEndpoints":267,"jsGlobals":268,"shortcodeOutput":269},[262],"user_notes_thickbox",[],[265,266],"id=\"user_notes_thickbox_\"","inlineId=user_notes_thickbox_",[],[],[],{"error":231,"url":271,"statusCode":272,"statusMessage":273,"message":273},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fuser-notes\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":275,"versions":276},7,[277,282,289,296,302,309,318],{"version":6,"download_url":26,"svn_tag_url":278,"released_at":39,"has_diff":51,"diff_files_changed":279,"diff_lines":39,"trac_diff_url":280,"vulnerabilities":281,"is_current":231},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fuser-notes\u002Ftags\u002F2.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fuser-notes%2Ftags%2F1.0.5&new_path=%2Fuser-notes%2Ftags%2F2.0.0",[],{"version":283,"download_url":284,"svn_tag_url":285,"released_at":39,"has_diff":51,"diff_files_changed":286,"diff_lines":39,"trac_diff_url":287,"vulnerabilities":288,"is_current":51},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-notes.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fuser-notes\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fuser-notes%2Ftags%2F1.0.4&new_path=%2Fuser-notes%2Ftags%2F1.0.5",[],{"version":290,"download_url":291,"svn_tag_url":292,"released_at":39,"has_diff":51,"diff_files_changed":293,"diff_lines":39,"trac_diff_url":294,"vulnerabilities":295,"is_current":51},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-notes.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fuser-notes\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fuser-notes%2Ftags%2F1.0.3&new_path=%2Fuser-notes%2Ftags%2F1.0.4",[],{"version":41,"download_url":297,"svn_tag_url":298,"released_at":39,"has_diff":51,"diff_files_changed":299,"diff_lines":39,"trac_diff_url":300,"vulnerabilities":301,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-notes.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fuser-notes\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fuser-notes%2Ftags%2F1.0.2&new_path=%2Fuser-notes%2Ftags%2F1.0.3",[],{"version":58,"download_url":303,"svn_tag_url":304,"released_at":39,"has_diff":51,"diff_files_changed":305,"diff_lines":39,"trac_diff_url":306,"vulnerabilities":307,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-notes.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fuser-notes\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fuser-notes%2Ftags%2F1.0.1&new_path=%2Fuser-notes%2Ftags%2F1.0.2",[308],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":310,"download_url":311,"svn_tag_url":312,"released_at":39,"has_diff":51,"diff_files_changed":313,"diff_lines":39,"trac_diff_url":314,"vulnerabilities":315,"is_current":51},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-notes.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fuser-notes\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fuser-notes%2Ftags%2F1.0.0&new_path=%2Fuser-notes%2Ftags%2F1.0.1",[316,317],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":45,"patched_in_version":58},{"version":140,"download_url":319,"svn_tag_url":320,"released_at":39,"has_diff":51,"diff_files_changed":321,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":322,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-notes.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fuser-notes\u002Ftags\u002F1.0.0\u002F",[],[323,324],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":45,"patched_in_version":58}]