[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcpgqO22Y_3kwtegTSJ9E9vplprbZIBRwq--221cQtSc":3,"$fLQCsNfJ_dQP9dSk6bESkx-fbJW8QGgMnZWR5FdL02Ow":324,"$fe6wE18qJvZfsjKyAcn4p5zsz_pONVfFMKbHxdE3paKs":328},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":80,"crawl_stats":39,"alternatives":88,"analysis":184,"fingerprints":297},"wp-dashboard-notes","WP Dashboard Notes","1.0.13","Jeroen Sormani","https:\u002F\u002Fprofiles.wordpress.org\u002Fsormano\u002F","\u003Cp>Working with multiple persons on a website? Want to make notes? You can do just that with WP Dashboard Notes. Create beautiful notes with a nice user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Colored notes\u003C\u002Fli>\n\u003Cli>List notes or regular notes\u003C\u002Fli>\n\u003Cli>Public or private notes\u003C\u002Fli>\n\u003Cli>Edit on dashboard\u003C\u002Fli>\n\u003Cli>Add as many notes as you like\u003C\u002Fli>\n\u003Cli>Drag & drop list items\u003C\u002Fli>\n\u003Cli>No save button needed!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Feature requests, ratings and donations are welcome and appreciated!\u003C\u002Fstrong>\u003C\u002Fp>\n","Working with multiple persons on a website? Want to make notes? You can do just that with WP Dashboard Notes. 
Create beautiful notes with a nice user  &hellip;",20000,249722,92,109,"2026-04-08T12:28:00.000Z","6.8.5","4.0","",[20,21,22,23,24],"admin-note","dashboard-notes","note","notes","to-do-list","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-dashboard-notes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.13.zip",98,3,0,"2024-08-09 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,52,68],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-43226","wp-dashboard-notes-authenticated-subscriber-stored-cross-site-scripting","WP Dashboard Notes \u003C= 1.0.11 - Authenticated (Subscriber+) Stored Cross-Site Scripting","The WP Dashboard Notes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0.11","1.0.12","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-08-14 18:54:18",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0741bbf2-1098-41f4-a6d4-7e5c8f75f30b?source=api-prod",6,[],false,{"id":53,"url_slug":54,"title":55,"description":56,"plugin_slug":4,"theme_slug":39,"affected_versions":57,"patched_in_version":58,"severity":42,"cvss_score":59,"cvss_vector":60,"vuln_type":61,"published_date":62,"updated_date":63,"references":64,"days_to_patch":66,"patch_diff_files":67,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2023-7239","wp-dashboard-notes-missing-authorization-to-arbitrary-private-notes-update","WP Dashboard Notes \u003C= 1.0.10 - Missing Authorization to Arbitrary Private Notes Update","The WP Dashboard Notes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdn_update_note AJAX action in all versions up to, and including, 1.0.10. 
This makes it possible for authenticated attackers, with contributor-level access and above, to modify private notes created by other users.","\u003C=1.0.10","1.0.11",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2024-01-26 00:00:00","2024-01-29 13:10:03",[65],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F64a36778-c17c-44ee-8b09-c221d27184f8?source=api-prod",4,[],{"id":69,"url_slug":70,"title":71,"description":72,"plugin_slug":4,"theme_slug":39,"affected_versions":57,"patched_in_version":58,"severity":42,"cvss_score":59,"cvss_vector":60,"vuln_type":73,"published_date":74,"updated_date":75,"references":76,"days_to_patch":78,"patch_diff_files":79,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2023-7198","wp-dashboard-notes-insecure-direct-object-references-to-authenticated-private-note-deletion","WP Dashboard Notes \u003C= 1.0.10 - Insecure Direct Object References to Authenticated Private Note Deletion","The WP Dashboard Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.10 via the 'post_id' parameter due to missing validation on a user controlled key. 
This makes it possible for authenticated attackers to delete private notes associated with other user accounts.","Authorization Bypass Through User-Controlled Key","2023-12-19 00:00:00","2024-03-22 17:46:06",[77],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa6f1233b-55d6-488a-8667-b5454f71020c?source=api-prod",95,[],{"slug":81,"display_name":7,"profile_url":8,"plugin_count":82,"total_installs":83,"avg_security_score":84,"avg_patch_time_days":85,"trust_score":86,"computed_at":87},"sormano",10,91530,94,35,84,"2026-05-19T21:15:06.338Z",[89,109,130,148,166],{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":82,"downloaded":97,"rating":29,"num_ratings":29,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":105,"download_link":106,"security_score":107,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":108},"noteflow","NoteFlow – Smart Notes Manager for WordPress Admin","1.6.0","Ankit Panchal","https:\u002F\u002Fprofiles.wordpress.org\u002Fankitmaru\u002F","\u003Cp>\u003Cstrong>NoteFlow\u003C\u002Fstrong> is a lightweight and powerful notes management plugin designed for WordPress administrators. 
Whether you need to jot down quick reminders, manage tasks, or organize ideas, NoteFlow makes it easy to create, organize, and manage your notes directly from your WordPress dashboard.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple and intuitive note creation\u003C\u002Fli>\n\u003Cli>Rich text editor with formatting options\u003C\u002Fli>\n\u003Cli>Pin important notes to the top\u003C\u002Fli>\n\u003Cli>Quick search functionality\u003C\u002Fli>\n\u003Cli>Color-coding for better organization\u003C\u002Fli>\n\u003Cli>Clean and user-friendly interface\u003C\u002Fli>\n\u003Cli>Responsive design\u003C\u002Fli>\n\u003Cli>Lightweight and optimized performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Content ideas and drafts\u003C\u002Fli>\n\u003Cli>Task management\u003C\u002Fli>\n\u003Cli>Quick reminders\u003C\u002Fli>\n\u003Cli>Team communications\u003C\u002Fli>\n\u003Cli>Project notes\u003C\u002Fli>\n\u003Cli>Editorial calendars\u003C\u002Fli>\n\u003Cli>Bug tracking\u003C\u002Fli>\n\u003Cli>Feature requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>NoteFlow does not collect any personal data. All notes are stored locally in your WordPress database, ensuring full compliance with GDPR and other privacy regulations.\u003C\u002Fp>\n","A simple and efficient notes manager for WordPress admin dashboard. 
Create, organize, and manage your notes directly from WordPress.",731,"2026-02-24T07:22:00.000Z","6.9.4","5.2","7.2",[103,21,23,104,24],"admin-notes","task-management","https:\u002F\u002Fpluginstack.dev","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnoteflow.1.6.0.zip",100,"2026-04-06T09:54:40.288Z",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":107,"num_ratings":49,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":18,"download_link":126,"security_score":127,"vuln_count":128,"unpatched_count":29,"last_vuln_date":129,"fetched_at":31},"wb-sticky-notes","Sticky Notes for WP Dashboard","1.2.6","Web Builder 143","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebbuilder143\u002F","\u003Cp>Need a simple way to stay organized inside your WordPress admin area? \u003Cstrong>Sticky Notes for WP Dashboard\u003C\u002Fstrong> lets you add customizable sticky notes right to your dashboard—just like the ones on your desk, but smarter.\u003C\u002Fp>\n\u003Cp>Use it to jot down reminders, create to-do lists, or leave quick notes for other users. Each note can be styled, resized, and moved around to fit the way you work. 
Whether you’re managing a personal site or running a team, Sticky Notes makes it easy to keep important information front and center.\u003C\u002Fp>\n\u003Ch3>Why you’ll love Sticky Notes for WP Dashboard:\u003C\u002Fh3>\n\u003Cp>– Create as many sticky notes as you need, anywhere in the admin dashboard\u003Cbr \u002F>\n– Change colors, fonts, and themes to match your style\u003Cbr \u002F>\n– Drag and drop notes to position them exactly where you want\u003Cbr \u002F>\n– Show or hide notes with one click\u003Cbr \u002F>\n– Duplicate, archive, and organize notes easily\u003Cbr \u002F>\n– Control who can access notes with user role restrictions\u003Cbr \u002F>\n– Option to hide notes on specific admin pages for a cleaner view\u003C\u002Fp>\n\u003Cp>With an intuitive interface and zero setup required, Sticky Notes for WP Dashboard is a must-have productivity tool for any WP site owner.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Create sticky notes directly on your WP admin dashboard  \u003C\u002Fli>\n\u003Cli>Easy-to-use interface for quick note management  \u003C\u002Fli>\n\u003Cli>Customize notes with themes, colors, and fonts  \u003C\u002Fli>\n\u003Cli>Resizable and movable notes for better organization  \u003C\u002Fli>\n\u003Cli>Hide or show notes globally with one click  \u003C\u002Fli>\n\u003Cli>Duplicate notes with a single click  \u003C\u002Fli>\n\u003Cli>Archive notes for future reference  \u003C\u002Fli>\n\u003Cli>Disable sticky notes on specific admin pages  \u003C\u002Fli>\n\u003Cli>Limit note access by user roles\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Our Other Free Plugins\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwb-custom-product-tabs-for-woocommerce\u002F\" rel=\"ugc\">Custom Product Tabs for WooCommerce\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwb-mail-logger\u002F\" rel=\"ugc\">Mail Logger for 
WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Create sticky notes in your WP admin for reminders and to-dos. Restrict notes by user roles and disable them on specific pages.",1000,17184,"2026-03-26T17:19:00.000Z","7.0","3.5.0","5.6",[103,21,23,124,125],"reminders","sticky-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwb-sticky-notes.1.2.6.zip",99,1,"2025-12-31 00:00:00",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":138,"downloaded":139,"rating":107,"num_ratings":82,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":18,"tags":143,"homepage":145,"download_link":146,"security_score":147,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"lh-dashboard-notes","LH Dashboard Notes","1.09","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>LH Dashboard Notes allow you to insert noes on your wp-admin dashboard for your users using the post editor interface. If this plugin is network activated the insertion and editing of these dashboard notes is centralised on the main site of your multisite install. 
Allowing you to set Dashboard notes that are viewed throughout your multisite network.\u003C\u002Fp>\n","Allows you to create and edit notes that appear on the admin dashboard",500,10062,"2018-05-09T02:44:00.000Z","4.9.29","3.6",[20,21,22,23,144],"wordpress-notes","https:\u002F\u002Flhero.org\u002Fplugins\u002Flh-dashboard-notes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-dashboard-notes.zip",85,{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":156,"downloaded":157,"rating":107,"num_ratings":128,"last_updated":158,"tested_up_to":159,"requires_at_least":160,"requires_php":120,"tags":161,"homepage":164,"download_link":165,"security_score":147,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"a-note-above-wp-dashboard-notes","A Note Above – WP Dashboard Notes","2.0.2","brownbrowniebrownerson","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrownbrowniebrownerson\u002F","\u003Cp>A Note Above allows you to save notes on your WP Admin Dashboard. After installing A Note Above a widget will be added to your Dashboard. Add as many notes as you would like. Share your notes by role or keep a note to yourself.\u003Cbr \u002F>\nEach note is collapsed. 
Simply click on the title of your note to reveal the notes contents.\u003C\u002Fp>\n","A WordPress Note taking system to live on your WP Admin dashboard.",50,2069,"2023-11-12T00:57:00.000Z","6.4.8","5.0",[103,21,23,162,163],"user-notes","wp-notes","https:\u002F\u002Fjoshbrown-designs.com\u002Fa-note-above\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fa-note-above-wp-dashboard-notes.2.0.2.zip",{"slug":167,"name":168,"version":169,"author":170,"author_profile":171,"description":172,"short_description":173,"active_installs":29,"downloaded":174,"rating":29,"num_ratings":29,"last_updated":175,"tested_up_to":120,"requires_at_least":176,"requires_php":177,"tags":178,"homepage":182,"download_link":183,"security_score":107,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"keepinmind-dashboard-notes","KeepInMind Dashboard Notes","0.8.2.5","Elchanan Levavi","https:\u002F\u002Fprofiles.wordpress.org\u002Felchananlevavi\u002F","\u003Cp>\u003Cstrong>KeepInMind Dashboard Notes\u003C\u002Fstrong> turns your WordPress dashboard into a collaborative workspace. Place notes directly on any admin page – anchored to the exact element you’re talking about. No more Slack messages saying “that field on the product edit page” – just click, write your note, and your team sees it right where it matters.\u003C\u002Fp>\n\u003Ch4>Why KeepInMind Dashboard Notes?\u003C\u002Fh4>\n\u003Cp>Every WordPress team has the same problem: communicating about the dashboard itself. Which settings need changing? What does this custom field do? 
Why is this item configured this way?\u003C\u002Fp>\n\u003Cp>KeepInMind Dashboard Notes solves this by letting you \u003Cstrong>pin notes directly to dashboard elements\u003C\u002Fstrong> – like sticky notes for your admin area, but smarter.\u003C\u002Fp>\n\u003Cp>Here are just a few real-world scenarios where it shines:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You temporarily \u003Cstrong>disable a plugin\u003C\u002Fstrong> to test whether it’s causing a conflict. Drop a Warning note on the Plugins page so everyone knows it was turned off on purpose – and so you remember to check back in three weeks.\u003C\u002Fli>\n\u003Cli>You installed a plugin for one very specific reason that isn’t obvious. Pin a note to it explaining why it’s there, so another admin – or future you – doesn’t delete it thinking it’s unused.\u003C\u002Fli>\n\u003Cli>A client keeps changing a setting that breaks their site. Attach an always-visible Alert banner right next to that toggle: \u003Cstrong>“Do not change – this controls the checkout redirect.”\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Your developer configured a custom field with a non-obvious format. Leave a note on the field itself explaining what values are expected, so the content team doesn’t have to guess.\u003C\u002Fli>\n\u003Cli>You’re onboarding a new team member. Instead of writing a separate training doc, scatter helpful Attention banners across the pages they’ll use most – guidance that shows up exactly where they need it.\u003C\u002Fli>\n\u003Cli>You’re running a staging review before launch. Pin notes to every area that needs a final check, and let your team reply with updates as they work through the list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Pin Notes Anywhere\u003C\u002Fstrong>\u003Cbr \u002F>\nClick any element on any admin page to leave a note. Your note stays anchored to that exact element – a form field, a menu item, a settings toggle, a table row. 
When your teammate visits the page, they see the note marker right where it belongs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Rich Text Editing\u003C\u002Fstrong>\u003Cbr \u002F>\nFormat your notes with \u003Cstrong>bold text\u003C\u002Fstrong>, \u003Ca href=\"https:\u002F\u002F\" rel=\"nofollow ugc\">links\u003C\u002Fa>, and text colors. The floating toolbar appears on text selection.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two Note Types:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Pinned Note\u003C\u002Fstrong> – Appears as a marker on the page. Click to open and manage a threaded discussion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Open Note\u003C\u002Fstrong> – Always visible inline. Choose a color to highlight the note based on its importance.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>@Mention Teammates\u003C\u002Fstrong>\u003Cbr \u002F>\nType \u003Ccode>@\u003C\u002Fcode> to mention any allowed user. They’ll receive an email notification with your note. Autocomplete helps you find the right person fast – just keep typing to filter.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Private notes\u003C\u002Fstrong>\u003Cbr \u002F>\nMark any note as private so only you can see it. Perfect for personal reminders and work-in-progress notes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Threaded Replies\u003C\u002Fstrong>\u003Cbr \u002F>\nEvery note supports full threaded replies. Keep conversations organized and contextual without cluttering the page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Drag & Relocate\u003C\u002Fstrong>\u003Cbr \u002F>\nNotes can be dragged to a new element if the page layout changes. Grab the drag grip and drop it on the right spot – all replies move with it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note Scoping\u003C\u002Fstrong>\u003Cbr \u002F>\nOn entity pages (posts, terms, users), choose whether your note applies to \u003Cstrong>this specific item\u003C\u002Fstrong> or \u003Cstrong>all items of this type\u003C\u002Fstrong>.  
For example, a note on the “Blue T-Shirt” edit page can be scoped just to that product – or to the edit page of all products.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Global Notes\u003C\u002Fstrong>\u003Cbr \u002F>\nPin notes to the admin bar or other persistent elements to create site-wide notes visible on every admin page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Configurable Permissions\u003C\u002Fstrong>\u003Cbr \u002F>\nControl exactly who can add notes and who can edit or delete:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Role-based access\u003C\u002Fstrong> – Choose which roles can use the plugin (Administrator is always included).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-level access\u003C\u002Fstrong> – Whitelist specific users regardless of role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Edit\u002FDelete\u002FRelocate policies\u003C\u002Fstrong> – Author only, role hierarchy (strict or relaxed), or everybody.\u003C\u002Fli>\n\u003C\u002Ful>\n","Leave contextual notes on any WordPress admin page. 
Pin notes to specific elements, collaborate with your team, and stay on top of admin tasks.",55,"2026-04-16T09:48:00.000Z","5.8","7.4",[179,103,21,180,181],"admin-annotations","internal-notes","team-collaboration","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkeepinmind-dashboard-notes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeepinmind-dashboard-notes.0.8.2.5.zip",{"attackSurface":185,"codeSignals":228,"taintFlows":255,"riskAssessment":283,"analyzedAt":296},{"hooks":186,"ajaxHandlers":210,"restRoutes":225,"shortcodes":226,"cronEvents":227,"entryPointCount":66,"unprotectedCount":29},[187,193,198,203,206],{"type":188,"name":189,"callback":190,"file":191,"line":192},"action","init","register_post_type","includes\\class-note-post-type.php",25,{"type":188,"name":194,"callback":195,"file":196,"line":197},"admin_bar_menu","admin_bar_add_note","includes\\class-wpdn-admin.php",24,{"type":188,"name":199,"callback":200,"file":201,"line":202},"wp_dashboard_setup","wpdn_init_dashboard_widget","wp-dashboard-notes.php",146,{"type":188,"name":204,"callback":204,"file":201,"line":205},"admin_enqueue_scripts",149,{"type":188,"name":207,"callback":208,"file":201,"line":209},"wpdn_content","wpdn_clickable_url",152,[211,216,219,222],{"action":212,"nopriv":51,"callback":212,"hasNonce":213,"hasCapCheck":51,"file":214,"line":215},"wpdn_update_note",true,"includes\\class-wpdn-ajax.php",27,{"action":217,"nopriv":51,"callback":217,"hasNonce":213,"hasCapCheck":51,"file":214,"line":218},"wpdn_toggle_note",28,{"action":220,"nopriv":51,"callback":220,"hasNonce":213,"hasCapCheck":51,"file":214,"line":221},"wpdn_add_note",31,{"action":223,"nopriv":51,"callback":223,"hasNonce":213,"hasCapCheck":51,"file":214,"line":224},"wpdn_delete_note",32,[],[],[],{"dangerousFunctions":229,"sqlUsage":230,"outputEscaping":232,"fileOperations":29,"externalRequests":29,"nonceChecks":66,"capabilityChecks":29,"bundledLibraries":254},[],{"prepared":29,"raw":29,"locations":231},[],{"escap
ed":233,"rawEcho":234,"locations":235},60,9,[236,239,241,243,245,246,248,250,252],{"file":214,"line":237,"context":238},188,"raw output",{"file":214,"line":240,"context":238},190,{"file":214,"line":242,"context":238},197,{"file":214,"line":244,"context":238},203,{"file":214,"line":244,"context":238},{"file":214,"line":247,"context":238},204,{"file":214,"line":249,"context":238},220,{"file":201,"line":251,"context":238},288,{"file":201,"line":253,"context":238},289,[],[256,274],{"entryPoint":257,"graph":258,"unsanitizedCount":29,"severity":273},"wpdn_toggle_note (includes\\class-wpdn-ajax.php:102)",{"nodes":259,"edges":271},[260,265],{"id":261,"type":262,"label":263,"file":214,"line":264},"n0","source","$_POST (x3)",106,{"id":266,"type":267,"label":268,"file":214,"line":269,"wp_function":270},"n1","sink","echo() [XSS]",131,"echo",[272],{"from":261,"to":266,"sanitized":213},"low",{"entryPoint":275,"graph":276,"unsanitizedCount":29,"severity":273},"\u003Cclass-wpdn-ajax> (includes\\class-wpdn-ajax.php:0)",{"nodes":277,"edges":281},[278,280],{"id":261,"type":262,"label":279,"file":214,"line":264},"$_POST (x7)",{"id":266,"type":267,"label":268,"file":214,"line":269,"wp_function":270},[282],{"from":261,"to":266,"sanitized":213},{"summary":284,"deductions":285},"The \"wp-dashboard-notes\" plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and having a high percentage of properly escaped output. The static analysis also reveals no dangerous functions, file operations, or external HTTP requests, and importantly, all identified AJAX entry points have nonce checks. Taint analysis indicates no critical or high severity unsanitized flows, suggesting that direct injection vulnerabilities are unlikely in this version.\n\nHowever, several concerns warrant attention. The plugin has a history of three medium severity CVEs, with the most recent being very recent (2024-08-09). 
The common vulnerability types listed (XSS, Missing Authorization, Authorization Bypass) are significant and indicate recurring weaknesses in how user input is handled and how access is controlled. While the current static analysis shows no direct evidence of these in this specific version's code signals (0 unprotected AJAX handlers), it also records 0 capability checks, and the historical pattern suggests a potential for such issues to be reintroduced or to exist in subtle ways not immediately apparent from the provided static analysis data. None of the plugin's AJAX handlers is flagged as performing a capability check, which is a notable gap for a plugin that likely deals with user-specific notes.\n\nIn conclusion, while \"wp-dashboard-notes\" v1.0.13 has addressed some common security concerns such as raw SQL and output escaping, its past vulnerability history, particularly the types of vulnerabilities and their recency, necessitates vigilance. The absence of explicit capability checks on its AJAX handlers remains a significant weakness even with nonce checks in place, because a nonce helps confirm that a request was intentionally made from the site but does not establish whether the current user is permitted to act on a given note; this could be exploited if authorization logic is not robustly implemented elsewhere or if future versions regress. 
Continued monitoring and potentially more in-depth auditing would be advisable.",[286,289,292,294],{"reason":287,"points":288},"History of 3 medium CVEs",15,{"reason":290,"points":291},"Most recent vulnerability: 2024-08-09",5,{"reason":293,"points":291},"Common vulnerability types: XSS, Missing Auth",{"reason":295,"points":82},"No capability checks on AJAX handlers","2026-03-16T17:26:22.709Z",{"wat":298,"direct":308},{"assetPaths":299,"generatorPatterns":303,"scriptPaths":304,"versionParams":305},[300,301,302],"\u002Fwp-content\u002Fplugins\u002Fwp-dashboard-notes\u002Fassets\u002Fcss\u002Fwp-dashboard-notes-admin.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-dashboard-notes\u002Fassets\u002Fjs\u002Fwp-dashboard-notes-admin.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-dashboard-notes\u002Fassets\u002Fjs\u002Fwp-dashboard-notes-admin.js",[],[301,302],[306,307],"wp-dashboard-notes\u002Fstyle.css?ver=","wp-dashboard-notes\u002Fscript.js?ver=",{"cssClasses":309,"htmlComments":316,"htmlAttributes":317,"restEndpoints":320,"jsGlobals":321,"shortcodeOutput":323},[310,311,312,313,314,315],"wpdn-title","wpdn-edit-title","wp-dashboard-note-wrap","list-note","list-item","list-item-content",[],[318,319],"contenteditable","data-note-id",[],[322],"wpdn",[],{"error":213,"url":325,"statusCode":326,"statusMessage":327,"message":327},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-dashboard-notes\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":288,"versions":329},[330,335,341,348,358,368,378,388,398,408,418,428,438,448,458],{"version":6,"download_url":26,"svn_tag_url":331,"released_at":39,"has_diff":51,"diff_files_changed":332,"diff_lines":39,"trac_diff_url":333,"vulnerabilities":334,"is_current":213},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.13\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.12&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.13",[],{"version":41,"download_url":336,"svn_tag_url":337,"released_at":39,"has_diff":51,"diff_files_changed":338,"diff_lines":39,"trac_diff_url":339,"vulnerabilities":340,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.12.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.12\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.11&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.12",[],{"version":58,"download_url":342,"svn_tag_url":343,"released_at":39,"has_diff":51,"diff_files_changed":344,"diff_lines":39,"trac_diff_url":345,"vulnerabilities":346,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.11.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.11\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.10&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.11",[347],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":349,"download_url":350,"svn_tag_url":351,"released_at":39,"has_diff":51,"diff_files_changed":352,"diff_lines":39,"trac_diff_url":353,"vulnerabilities":354,"is_current":51},"1.0.10","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F
wp-dashboard-notes.1.0.10.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.9&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.10",[355,356,357],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":359,"download_url":360,"svn_tag_url":361,"released_at":39,"has_diff":51,"diff_files_changed":362,"diff_lines":39,"trac_diff_url":363,"vulnerabilities":364,"is_current":51},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.8.1&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.9",[365,366,367],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":369,"download_url":370,"svn_tag_url":371,"released_at":39,"has_diff":51,"diff_files_changed":372,"diff_lines":39,"trac_diff_url":373,"vulnerabilities":374,"is_current":51},"1.0.8.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.8.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.8.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.8&new_path=%2Fwp-dashboard-notes
%2Ftags%2F1.0.8.1",[375,376,377],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":379,"download_url":380,"svn_tag_url":381,"released_at":39,"has_diff":51,"diff_files_changed":382,"diff_lines":39,"trac_diff_url":383,"vulnerabilities":384,"is_current":51},"1.0.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.7&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.8",[385,386,387],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":389,"download_url":390,"svn_tag_url":391,"released_at":39,"has_diff":51,"diff_files_changed":392,"diff_lines":39,"trac_diff_url":393,"vulnerabilities":394,"is_current":51},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.6&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.7",[395,396,397],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"se
verity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":399,"download_url":400,"svn_tag_url":401,"released_at":39,"has_diff":51,"diff_files_changed":402,"diff_lines":39,"trac_diff_url":403,"vulnerabilities":404,"is_current":51},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.5&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.6",[405,406,407],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":409,"download_url":410,"svn_tag_url":411,"released_at":39,"has_diff":51,"diff_files_changed":412,"diff_lines":39,"trac_diff_url":413,"vulnerabilities":414,"is_current":51},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.4&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.5",[415,416,417],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":419,"download_url":420,"svn_tag_url":421,"released_at":39,"has_diff":51,"diff_files_changed":422,"diff_lines":39,"trac_diff_url":423,"vulnerabilities":424,"is_current":51},"1.0.4","https:\u002F\u002Fd
ownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.3&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.4",[425,426,427],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":429,"download_url":430,"svn_tag_url":431,"released_at":39,"has_diff":51,"diff_files_changed":432,"diff_lines":39,"trac_diff_url":433,"vulnerabilities":434,"is_current":51},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.2&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.3",[435,436,437],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":439,"download_url":440,"svn_tag_url":441,"released_at":39,"has_diff":51,"diff_files_changed":442,"diff_lines":39,"trac_diff_url":443,"vulnerabilities":444,"is_current":51},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.1&n
ew_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.2",[445,446,447],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":449,"download_url":450,"svn_tag_url":451,"released_at":39,"has_diff":51,"diff_files_changed":452,"diff_lines":39,"trac_diff_url":453,"vulnerabilities":454,"is_current":51},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.0&new_path=%2Fwp-dashboard-notes%2Ftags%2F1.0.1",[455,456,457],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58},{"version":459,"download_url":460,"svn_tag_url":461,"released_at":39,"has_diff":51,"diff_files_changed":462,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":463,"is_current":51},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-dashboard-notes\u002Ftags\u002F1.0.0\u002F",[],[464,465,466],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"id":53,"url_slug":54,"title":55,"severity":42,"cvss_score":59,"vuln_type":61,"patched_in_version":58},{"id":69,"url_slug":70,"title":71,"severity":42,"cvss_score":59,"vuln_type":73,"patched_in_version":58}]