Does BuddyTask have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is BuddyTask compatible with WordPress 6.9.4?

According to WordPress.org data, BuddyTask 1.4.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is BuddyTask compatible with PHP 5.3+?

BuddyTask requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BuddyTask updated?

BuddyTask was last updated on Dec 10, 2025. Frequent updates are generally a positive security signal.

What is BuddyTask's security score?

BuddyTask has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BuddyTask Security & Risk Analysis

wordpress.org/plugins/buddytask

Adds KanBan like task management boards to Posts, Pages and BuddyPress Groups!

100 active installs v1.4.0 PHP 5.3+ WP 4.6.0+ Updated Dec 10, 2025

buddypressbuddytaskkanbantask-listtask-management

A · Safe

CVEs total1

Unpatched0

Last CVEDec 11, 2025

Download

Safety Verdict

Is BuddyTask Safe to Use in 2026?

Generally Safe

Score 99/100

BuddyTask has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 11, 2025Updated 5mo ago

Risk Assessment

The static analysis of Buddytask v1.4.0 reveals a generally strong security posture, with a comprehensive approach to securing its entry points. All identified AJAX handlers and REST API routes have authorization checks, and a high percentage of SQL queries utilize prepared statements and output is properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further mitigates common attack vectors. However, the presence of 17 AJAX handlers, while secured, still represents a significant attack surface. The plugin's vulnerability history is a more concerning area, with one known medium-severity CVE related to missing authorization, even though it is currently patched. This suggests a recurring weakness in authorization logic within the plugin's development lifecycle. The lack of critical or high severity findings in the static analysis is a positive sign, but the past medium vulnerability, coupled with the substantial AJAX attack surface, warrants continued vigilance.

Key Concerns

Past medium severity vulnerability (Missing Auth)
Large attack surface (17 AJAX handlers)

Vulnerabilities

1 published

BuddyTask Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-14064medium · 5.4Missing Authorization

BuddyTask <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation

Dec 11, 2025 Patched in 1.4.0 (106d)

Version History

BuddyTask Release Timeline

v1.4.0Current

v1.3.01 CVE

v1.2.01 CVE

v1.1.01 CVE

v1.0.01 CVE

Code Analysis

Analyzed Mar 16, 2026

BuddyTask Code Analysis

Dangerous Functions

Raw SQL Queries

61 prepared

Unescaped Output

49 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

97% prepared63 total queries

Output Escaping

92% escaped53 total outputs

Attack Surface

BuddyTask Attack Surface

Entry Points17

Unprotected0

AJAX Handlers 16

authwp_ajax_get_boardbuddytask.php:143

noprivwp_ajax_get_boardbuddytask.php:144

authwp_ajax_add_new_taskbuddytask.php:145

noprivwp_ajax_add_new_taskbuddytask.php:146

authwp_ajax_users_autocompletebuddytask.php:149

authwp_ajax_add_users_to_assign_listbuddytask.php:150

authwp_ajax_edit_taskbuddytask.php:151

noprivwp_ajax_edit_taskbuddytask.php:152

authwp_ajax_delete_taskbuddytask.php:153

noprivwp_ajax_delete_taskbuddytask.php:154

authwp_ajax_reorder_taskbuddytask.php:155

noprivwp_ajax_reorder_taskbuddytask.php:156

authwp_ajax_get_tasksbuddytask.php:157

noprivwp_ajax_get_tasksbuddytask.php:158

authwp_ajax_edit_listbuddytask.php:159

noprivwp_ajax_edit_listbuddytask.php:160

Shortcodes 1

[buddytask] buddytask.php:141

WordPress Hooks 29

actionwp_enqueue_scriptsbuddytask.php:133

actionwp_enqueue_scriptsbuddytask.php:134

actionwpmu_new_blogbuddytask.php:136

actiondelete_blogbuddytask.php:137

actionbp_includebuddytask.php:139

filterheartbeat_receivedbuddytask.php:163

filterwp_refresh_noncesbuddytask.php:164

actionbp_initincludes\buddytask-actions.php:10

actionbp_readyincludes\buddytask-actions.php:11

actionbp_setup_current_userincludes\buddytask-actions.php:12

actionbp_setup_themeincludes\buddytask-actions.php:13

actionbp_after_setup_themeincludes\buddytask-actions.php:14

actionbp_enqueue_scriptsincludes\buddytask-actions.php:15

actionbp_admin_enqueue_scriptsincludes\buddytask-actions.php:16

actionbp_enqueue_scriptsincludes\buddytask-actions.php:17

actionbp_setup_admin_barincludes\buddytask-actions.php:18

actionbp_actionsincludes\buddytask-actions.php:19

actionbp_screensincludes\buddytask-actions.php:20

actionadmin_initincludes\buddytask-actions.php:21

actionadmin_headincludes\buddytask-actions.php:22

actionbuddytask_activationincludes\buddytask-actions.php:73

actionbp_loadedincludes\buddytask-component-class.php:144

actionbuddytask_admin_initincludes\buddytask-functions.php:145

filterbp_locate_template_and_loadincludes\buddytask-group-class.php:175

filterbp_get_template_stackincludes\buddytask-group-class.php:176

actionbp_initincludes\buddytask-group-class.php:209

filterbp_locate_template_and_loadincludes\buddytask-group-legacy-class.php:157

filterbp_get_template_stackincludes\buddytask-group-legacy-class.php:158

actionbp_initincludes\buddytask-group-legacy-class.php:190

Maintenance & Trust

BuddyTask Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 10, 2025

PHP min version5.3

Downloads5K

Community Trust

Rating100/100

Number of ratings4

Active installs100

Alternatives

BuddyTask Alternatives

FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration

fluent-boards

The Simplest Project & Task Management Plugin Specifically Crafted for Agencies, Freelancers & Founders.

6K 3 CVEs

Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker

wedevs-project-manager

Ease Project Management and Task Management using a powerful project manager with Kanban board, Gantt chart, milestone tracking & project reporting.

6K 21 CVEs

Todo for BuddyPress & BuddyBoss

bp-user-to-do-list

100

Transform your BuddyPress or BuddyBoss community into a powerful task management platform. Members can create personal todos, collaborate on group tas …

100 1 CVE

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart

lazytasks-project-task-management

Comprehensive Task Management, FREE! Minimalist design with powerful features to boost your productivity.

70 1 unpatched

GemBoards – Project Management, Task Management, Sprint Planning, Team Collaboration, and Kanban board Plugin

gemboards

100

GemBoards is a project and task management plugin that helps teams manage projects, Kanban boards, and sprint workflows from one place.

10 No CVEs

Developer Profile

BuddyTask Developer Profile

Cytech

2 plugins · 800 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

112 days

View full developer profile

Detection Fingerprints

How We Detect BuddyTask

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/buddytask/includes/css/buddytask-front.css/wp-content/plugins/buddytask/includes/css/buddytask-back.css/wp-content/plugins/buddytask/includes/js/buddytask-main.js/wp-content/plugins/buddytask/includes/js/buddytask-front.js/wp-content/plugins/buddytask/includes/js/buddytask-back.js

Script Paths

/wp-content/plugins/buddytask/includes/js/buddytask-main.js/wp-content/plugins/buddytask/includes/js/buddytask-front.js/wp-content/plugins/buddytask/includes/js/buddytask-back.js

Version Parameters

buddytask/includes/css/buddytask-front.css?ver=buddytask/includes/css/buddytask-back.css?ver=buddytask/includes/js/buddytask-main.js?ver=buddytask/includes/js/buddytask-front.js?ver=buddytask/includes/js/buddytask-back.js?ver=

HTML / DOM Fingerprints

CSS Classes

buddytask-board-wrapperbuddytask-add-task-formbuddytask-task-itembuddytask-task-titlebuddytask-task-descriptionbuddytask-task-assignees

HTML Comments

Data Attributes

data-task-iddata-list-iddata-board-iddata-nonce-action

JS Globals

BuddyTaskFrontendBuddyTaskBackend

REST Endpoints

/wp-json/buddytask/v1/tasks/wp-json/buddytask/v1/lists/wp-json/buddytask/v1/boards

Shortcode Output

<div class="buddytask-board-wrapper">

FAQ

BuddyTask Security & Risk Analysis

Is BuddyTask Safe to Use in 2026?

Generally Safe

Key Concerns

BuddyTask Security Vulnerabilities

CVEs by Year

Severity Breakdown

BuddyTask Release Timeline

BuddyTask Code Analysis

SQL Query Safety

Output Escaping

BuddyTask Attack Surface

AJAX Handlers 16

Shortcodes 1

BuddyTask Maintenance & Trust

Maintenance Signals

Community Trust

BuddyTask Alternatives

FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration

Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker

Todo for BuddyPress & BuddyBoss

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart

GemBoards – Project Management, Task Management, Sprint Planning, Team Collaboration, and Kanban board Plugin

BuddyTask Developer Profile

How We Detect BuddyTask

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about BuddyTask