Dear Project Manager Security & Risk Analysis

wordpress.org/plugins/bipo-project-manager

A comprehensive project management plugin for WordPress with team collaboration, applications, and submissions.

0 active installs · v1.0.15 · PHP 7.4+ · WP 5.8+ · Updated Jan 6, 2026
Tags: collaboration, management, portfolio, projects, team
Score 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Dear Project Manager Safe to Use in 2026?

Generally Safe

Score 100/100

Dear Project Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The bipo-project-manager plugin version 1.0.15 exhibits a generally good security posture, with several strengths evident in its code. The complete absence of dangerous functions, file operations, and external HTTP requests is a positive sign. Furthermore, all SQL queries utilize prepared statements, and there are no recorded vulnerabilities in its history, indicating diligent development practices. The plugin also shows good attention to security by performing nonce and capability checks on a significant number of its internal operations.

However, a notable concern lies within its attack surface. Out of a total of 12 entry points, 5 are unprotected, specifically 5 REST API routes lacking permission callbacks. This presents a significant risk, as these routes can potentially be accessed and manipulated by unauthenticated users, leading to unintended actions or information disclosure. While the taint analysis found no critical or high-severity issues, the presence of unprotected entry points remains a critical area for improvement. The plugin's static analysis shows a high percentage of properly escaped output, but the 16% that is not properly escaped could still pose an XSS risk if that output is derived from user-supplied data.

In conclusion, bipo-project-manager demonstrates good underlying security practices in its core functions and data handling. The lack of historical vulnerabilities is a strong indicator of responsible development. The primary weakness is the exposed REST API endpoints, which require immediate attention to implement proper authorization checks. Addressing this will significantly enhance the plugin's overall security.

Key Concerns

  • REST API routes without permission callbacks
  • Unescaped output detected
Vulnerabilities
None known

Dear Project Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Dear Project Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 52 (266 escaped)
Nonce Checks: 9
Capability Checks: 8
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

84% escaped · 318 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
ajax_save_setup (bipo-project-manager.php:1185)
Attack Surface
5 unprotected

Dear Project Manager Attack Surface

Entry Points: 12
Unprotected: 5

AJAX Handlers 6

auth · wp_ajax_dearprma_save_setup · bipo-project-manager.php:38
auth · wp_ajax_dearprma_deactivate · bipo-project-manager.php:39
auth · wp_ajax_dearprma_submit_application · includes\class-applications.php:19
auth · wp_ajax_dearprma_approve_application · includes\class-applications.php:20
auth · wp_ajax_dearprma_reject_application · includes\class-applications.php:21
auth · wp_ajax_dearprma_submit_submission · includes\class-submissions.php:15

REST API Routes 5

GET /wp-json/dearprma/v1/tasks · bipo-project-manager.php:335
GET /wp-json/dearprma/v1/tasks/(?P<id>\d+) · bipo-project-manager.php:348
GET /wp-json/dearprma/v1/issues · bipo-project-manager.php:367
GET /wp-json/dearprma/v1/issues/(?P<id>\d+) · bipo-project-manager.php:380
GET /wp-json/dearprma/v1/issues/(?P<id>\d+)/comments · bipo-project-manager.php:399

Shortcodes 1

[projects_list] · frontend\class-frontend-display.php:18

WordPress Hooks 36

filter · manage_project_posts_columns · admin\class-admin-enhancements.php:18
action · manage_project_posts_custom_column · admin\class-admin-enhancements.php:19
filter · manage_edit-project_sortable_columns · admin\class-admin-enhancements.php:20
action · admin_head · admin\class-admin-enhancements.php:21
action · add_meta_boxes · admin\class-admin-enhancements.php:22
action · save_post · admin\class-admin-enhancements.php:23
filter · post_row_actions · admin\class-admin-enhancements.php:24
action · admin_notices · admin\class-admin-enhancements.php:25
action · admin_menu · admin\class-admin-menu.php:18
action · init · bipo-project-manager.php:29
action · admin_init · bipo-project-manager.php:30
action · admin_init · bipo-project-manager.php:31
action · admin_menu · bipo-project-manager.php:32
action · admin_enqueue_scripts · bipo-project-manager.php:33
action · admin_enqueue_scripts · bipo-project-manager.php:34
filter · body_class · bipo-project-manager.php:35
action · admin_footer-plugins.php · bipo-project-manager.php:42
action · rest_api_init · bipo-project-manager.php:83
filter · query_vars · bipo-project-manager.php:87
action · template_redirect · bipo-project-manager.php:88
filter · comments_open · bipo-project-manager.php:153
filter · single_template · frontend\class-frontend-display.php:19
filter · archive_template · frontend\class-frontend-display.php:20
action · wp_head · frontend\class-frontend-display.php:179
action · wp_head · frontend\class-frontend-display.php:196
filter · manage_edit-project_application_columns · includes\class-applications.php:23
action · manage_project_application_posts_custom_column · includes\class-applications.php:24
action · admin_footer · includes\class-applications.php:25
action · add_meta_boxes · includes\class-applications.php:27
action · save_post · includes\class-applications.php:28
action · wp_enqueue_scripts · includes\class-enqueue-scripts.php:18
action · admin_enqueue_scripts · includes\class-enqueue-scripts.php:19
filter · manage_edit-project_submission_columns · includes\class-submissions.php:17
action · manage_project_submission_posts_custom_column · includes\class-submissions.php:18
action · add_meta_boxes · includes\class-submissions.php:20
action · save_post · includes\class-submissions.php:21
Maintenance & Trust

Dear Project Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 6, 2026
PHP min version: 7.4
Downloads: 180

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

Dear Project Manager Developer Profile

Bipin Khatri

2 plugins · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Dear Project Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bipo-project-manager/assets/css/bipo-project-manager-style.css
/wp-content/plugins/bipo-project-manager/assets/js/admin.js
/wp-content/plugins/bipo-project-manager/assets/js/app.js
/wp-content/plugins/bipo-project-manager/assets/js/setup.js
Script Paths
/wp-content/plugins/bipo-project-manager/assets/js/admin.js
/wp-content/plugins/bipo-project-manager/assets/js/app.js
/wp-content/plugins/bipo-project-manager/assets/js/setup.js
Version Parameters
bipo-project-manager/assets/css/bipo-project-manager-style.css?ver=
bipo-project-manager/assets/js/admin.js?ver=
bipo-project-manager/assets/js/app.js?ver=
bipo-project-manager/assets/js/setup.js?ver=

HTML / DOM Fingerprints

CSS Classes
dear-pm-setup-wizard
HTML Comments
<!-- DEARPM_SETUP_WIZARD_START -->
<!-- DEARPM_SETUP_WIZARD_END -->
<!-- DEACTIVATION_MODAL_START -->
<!-- DEACTIVATION_MODAL_END -->
Data Attributes
data-dearprma-nonce
JS Globals
dearprma_ajax_object
REST Endpoints
/wp-json/dearprma/v1/setup
/wp-json/dearprma/v1/deactivate