Bug Library Security & Risk Analysis

wordpress.org/plugins/bug-library

This plugin provides an easy way to incorporate a bug/enhancement tracking system to a WordPress site.

100 active installs · v2.1.6 · PHP + · WP 3.0+ · Updated Jan 20, 2025
Tags: bug, feature, issue, request, tracker
87
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Jan 24, 2025
Safety Verdict

Is Bug Library Safe to Use in 2026?

Generally Safe

Score 87/100

Bug Library has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Jan 24, 2025 · Updated 1yr ago
Risk Assessment

The "bug-library" plugin v2.1.6 exhibits a mixed security posture. While the static analysis reveals a low attack surface with no identified unprotected entry points and generally good practices regarding output escaping and capability checks, there are areas of concern. The presence of unsanitized paths in taint analysis, even without critical or high severity, suggests potential vulnerabilities if these paths are exposed to user input. Furthermore, the vulnerability history is a significant red flag, with four known CVEs including one critical and three medium severity issues. The types of past vulnerabilities, particularly SQL Injection and Cross-site Scripting, combined with the current taint analysis findings, indicate a recurring pattern of input sanitization weaknesses. Although there are no currently unpatched CVEs, the historical prevalence of severe vulnerabilities suggests that the plugin's codebase may be prone to such issues. The plugin's strengths lie in its limited attack surface and diligent output escaping, but the historical vulnerability record and specific taint analysis findings necessitate caution.

Key Concerns

  • Unsanitized paths in taint analysis
  • History of critical severity CVEs
  • History of medium severity CVEs (3)
  • SQL queries with low prepared statement usage (23%)
  • Limited nonce checks (3)
Vulnerabilities
4 published

Bug Library Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2024: 2 CVEs
2025: 1 CVE

Severity Breakdown

Critical: 1
Medium: 3

4 total CVEs

CVE-2025-24728 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Bug Library <= 2.1.4 - Authenticated (Contributor+) SQL Injection

Jan 24, 2025 Patched in 2.1.5 (5d)
CVE-2024-5604 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bug Library <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Jun 28, 2024 Patched in 2.1.2 (28d)
CVE-2024-5450 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

Bug Library <= 2.1 - Unauthenticated Arbitrary File Upload

Jun 22, 2024 Patched in 2.1.1 (49d)
CVE-2021-38355 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bug Library <= 2.0.3 - Reflected Cross-Site Scripting

Sep 9, 2021 Patched in 2.0.4 (866d)
Code Analysis
Analyzed Mar 16, 2026

Bug Library Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 10; prepared: 3
Unescaped Output: 45; escaped: 319
Nonce Checks: 3
Capability Checks: 4
File Operations: 14
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

23% prepared · 13 total queries

Output Escaping

88% escaped · 364 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

7 flows · 2 with unsanitized paths
on_show_page (bug-library.php:1330)
Attack Surface

Bug Library Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[bug-library] bug-library.php:69
WordPress Hooks 31
filter screen_layout_columns bug-library.php:59
action admin_menu bug-library.php:61
action admin_init bug-library.php:63
action admin_post_save_bug_library_general bug-library.php:65
action admin_post_save_bug_library_stylesheet bug-library.php:66
action wp_head bug-library.php:72
action admin_enqueue_scripts bug-library.php:74
action init bug-library.php:76
action init bug-library.php:77
action manage_posts_custom_column bug-library.php:79
filter manage_edit-bug-library-bugs_columns bug-library.php:80
filter manage_edit-bug-library-types_columns bug-library.php:82
filter manage_bug-library-types_custom_column bug-library.php:83
filter manage_edit-bug-library-products_columns bug-library.php:85
filter manage_bug-library-products_custom_column bug-library.php:86
filter manage_edit-bug-library-status_columns bug-library.php:88
filter manage_bug-library-status_custom_column bug-library.php:89
filter manage_edit-bug-library-priority_columns bug-library.php:91
filter manage_bug-library-priority_custom_column bug-library.php:92
action restrict_manage_posts bug-library.php:94
filter parse_query bug-library.php:95
action save_post bug-library.php:97
action save_post bug-library.php:98
action delete_post bug-library.php:99
filter wp_insert_post_data bug-library.php:100
action template_redirect bug-library.php:102
filter the_posts bug-library.php:105
action quick_edit_custom_box bug-library.php:108
action admin_footer bug-library.php:111
filter post_row_actions bug-library.php:112
filter template_include bug-library.php:117
Maintenance & Trust

Bug Library Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Jan 20, 2025
PHP min version
Downloads: 15K

Community Trust

Rating: 94/100
Number of ratings: 6
Active installs: 100
Developer Profile

Bug Library Developer Profile

Yannick Lefebvre

8 plugins · 11K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 498 days
Detection Fingerprints

How We Detect Bug Library

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bug-library/css/bug-library.css
/wp-content/plugins/bug-library/css/bug-library-admin.css
/wp-content/plugins/bug-library/js/bug-library-admin.js
/wp-content/plugins/bug-library/js/bug-library-frontend.js
Script Paths
/wp-content/plugins/bug-library/js/bug-library-admin.js
/wp-content/plugins/bug-library/js/bug-library-frontend.js
Version Parameters
bug-library/css/bug-library.css?ver=
bug-library/css/bug-library-admin.css?ver=
bug-library/js/bug-library-admin.js?ver=
bug-library/js/bug-library-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
bug-library-wrap
bug-library-section
bug-library-bugs-table
bug-library-type-selector
bug-library-status-selector
bug-library-product-selector
bug-library-priority-selector
HTML Comments
<!-- Bug Library -->
<!-- Bug Library Admin Settings -->
<!-- Bug Library Frontend Display -->
Data Attributes
data-bug-library-id
data-bug-library-type
data-bug-library-status
JS Globals
bugLibraryAdmin
bugLibraryFrontend
Shortcode Output
[bug-library]
[bug-library type='bug-report']
[bug-library status='open']
FAQ

Frequently Asked Questions about Bug Library