WP-Safety

WP Evernote Synchronizer Security & Risk Analysis

wordpress.org/plugins/wp-evernote-synchronizer

Enables users to import Notes from Evernote Account.

10 active installs v1.0.7 PHP + WP 4.0.1+ Updated Nov 27, 2018
contentevernoteimportsynchronizer
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Evernote Synchronizer Safe to Use in 2026?

Generally Safe

Score 85/100

WP Evernote Synchronizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The wp-evernote-synchronizer plugin v1.0.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating nonce and capability checks in a significant number of its functions. The absence of known CVEs and the lack of recorded past vulnerabilities suggest a generally stable and secure history for this plugin. However, there are significant security concerns arising from the static analysis. A notable area of risk is the presence of two AJAX handlers that lack authentication checks, creating direct entry points for unauthenticated users. Additionally, the use of a dangerous function (preg_replace(/e)) and a low percentage of properly escaped outputs raise concerns about potential code injection or cross-site scripting (XSS) vulnerabilities, even though taint analysis did not reveal critical or high severity issues in the analyzed flows. The relatively small attack surface is a mitigating factor, but the unprotected entry points are a clear weakness.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of properly escaped outputs
  • Use of dangerous function (preg_replace(/e))
Vulnerabilities
None known

WP Evernote Synchronizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP Evernote Synchronizer Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
82
7 escaped
Nonce Checks
1
Capability Checks
5
File Operations
4
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

preg_replace(/e)preg_replace( '/<en\-media[^>]+><\/ewp-evernote-synchronizer.php:1243

Output Escaping

8% escaped89 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<wp-evernote-synchronizer> (wp-evernote-synchronizer.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

WP Evernote Synchronizer Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_wpes_evernote_update_funcwp-evernote-synchronizer.php:1559
authwp_ajax_wpes_user_evernote_updatewp-evernote-synchronizer.php:1560
WordPress Hooks 10
actioninitwp-evernote-synchronizer.php:74
actioninitwp-evernote-synchronizer.php:75
actionadmin_menuwp-evernote-synchronizer.php:78
actionpersonal_options_updatewp-evernote-synchronizer.php:83
actionshow_user_profilewp-evernote-synchronizer.php:87
actionadmin_enqueue_scriptswp-evernote-synchronizer.php:91
actionupdate_option_wpes_evernote_update_suspendwp-evernote-synchronizer.php:238
actionprofile_updatewp-evernote-synchronizer.php:507
filtercron_scheduleswp-evernote-synchronizer.php:1556
actionwpes_evernote_updatewp-evernote-synchronizer.php:1557

Scheduled Events 2

wpes_evernote_update
wpes_evernote_update
Maintenance & Trust

WP Evernote Synchronizer Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedNov 27, 2018
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

WP Evernote Synchronizer Alternatives

One Click Demo Import

One Click Demo Import

one-click-demo-import

A
97

Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.

1.0M 2 CVEs
Rara One Click Demo Import

Rara One Click Demo Import

rara-one-click-demo-import

A
91

Make your website look like the live demo of the theme with a click!

20K 1 CVE
AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress

af-companion

A
100

Quickly import live demo content, widgets and settings with one click

10K 1 CVE
Content Egg – Affiliate Product Importer & Price Comparison

Content Egg – Affiliate Product Importer & Price Comparison

content-egg

A
96

Import affiliate products, compare prices, sync to WooCommerce, and auto-generate SEO content with AI — all in one toolkit.

10K 3 CVEs
TutorMate

TutorMate

tutormate

A
100

TutorMate is a Tutor Starter theme companion plugin to import predesigned stylish demo pages to eLearning sites powered by Tutor LMS plugin.

10K No CVEs
Developer Profile

WP Evernote Synchronizer Developer Profile

Nora

6 plugins · 230 total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Evernote Synchronizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-evernote-synchronizer/css/style.css/wp-content/plugins/wp-evernote-synchronizer/css/evernote-sync.css/wp-content/plugins/wp-evernote-synchronizer/js/evernote-sync.js
Version Parameters
wp-evernote-synchronizer/css/style.css?ver=wp-evernote-synchronizer/css/evernote-sync.css?ver=wp-evernote-synchronizer/js/evernote-sync.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpes-evernote-settings-wrap
Data Attributes
data-wpes-evernote-url
JS Globals
wpes_evernote_object
FAQ

Frequently Asked Questions about WP Evernote Synchronizer