Eonet Project Manager Security & Risk Analysis

wordpress.org/plugins/eonet-project-manager

Make your site a complete project management tool: create projects, set permissions and assign tasks to your users.

40 active installs · v1.0.5 · PHP + · WP 3.0.1+ · Updated Sep 12, 2018
Tags: basecamp, projects, projects-management, projects-manager, tasks
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Eonet Project Manager Safe to Use in 2026?

Generally Safe

Score 85/100

Eonet Project Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The eonet-project-manager plugin v1.0.5 presents a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) or reported issues, and it utilizes nonce checks and capability checks to some extent. However, the static analysis reveals significant areas of concern. A substantial portion of its attack surface, specifically 10 out of 19 AJAX handlers, lacks authentication checks, leaving them potentially exposed to unauthorized access and execution.

Further concerns arise from the presence of the `unserialize` function, which, without proper sanitization or validation of the data it processes, can lead to deserialization vulnerabilities. The SQL query practices are also questionable, with only 50% using prepared statements, indicating a risk of SQL injection in the remaining queries. The output escaping is also not consistently applied, with over half of the outputs potentially vulnerable to cross-site scripting (XSS).

Despite the lack of historical vulnerabilities, the current code analysis highlights several inherent risks. The large number of unprotected AJAX endpoints, the use of `unserialize`, and the inconsistent output escaping are significant security weaknesses. While the absence of CVEs is a positive indicator, it doesn't negate the potential for exploitation based on the identified code flaws. A cautious approach is warranted due to these specific code-level risks.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • SQL queries not using prepared statements
  • Improper output escaping
  • Low number of capability checks
Vulnerabilities
None known

Eonet Project Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Eonet Project Manager Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 1 (1 prepared)
  • Unescaped Output: 101 (105 escaped)
  • Nonce Checks: 6
  • Capability Checks: 3
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$this->members_assigned = ( isset( $meta['eonet-task-members-assigned'] ) ) ? unserialize($meta['eon` (component-project-manager\classes\Eonet_PM_Task.php:313)
  • unserialize: `$val = unserialize($val);` (core\EonetMetaboxes.php:89)

SQL Query Safety

50% prepared · 2 total queries

Output Escaping

51% escaped · 206 total outputs
Attack Surface
10 unprotected

Eonet Project Manager Attack Surface

Entry Points: 19
Unprotected: 10

AJAX Handlers 19

auth · wp_ajax_eo_create_new_task_by_frontend · component-project-manager\classes\Eonet_PM_AjaxManager.php:11
nopriv · wp_ajax_eo_create_new_task_by_frontend · component-project-manager\classes\Eonet_PM_AjaxManager.php:12
auth · wp_ajax_eo_edit_task_by_frontend · component-project-manager\classes\Eonet_PM_AjaxManager.php:14
nopriv · wp_ajax_eo_edit_task_by_frontend · component-project-manager\classes\Eonet_PM_AjaxManager.php:15
auth · wp_ajax_eo_delete_task_by_frontend · component-project-manager\classes\Eonet_PM_AjaxManager.php:17
nopriv · wp_ajax_eo_delete_task_by_frontend · component-project-manager\classes\Eonet_PM_AjaxManager.php:18
auth · wp_ajax_eo_change_task_status_by_frontend · component-project-manager\classes\Eonet_PM_AjaxManager.php:20
nopriv · wp_ajax_eo_change_task_status_by_frontend · component-project-manager\classes\Eonet_PM_AjaxManager.php:21
auth · wp_ajax_eo_sort_tasks_by_frontend · component-project-manager\classes\Eonet_PM_AjaxManager.php:23
nopriv · wp_ajax_eo_sort_tasks_by_frontend · component-project-manager\classes\Eonet_PM_AjaxManager.php:24
auth · wp_ajax_eonet_project_admin_member_autocomplete · component-project-manager\include\core-functions.php:72
auth · wp_ajax_eonet_admin_get_page · core\admin\EonetAdmin.php:28
nopriv · wp_ajax_eonet_admin_get_page · core\admin\EonetAdmin.php:29
auth · wp_ajax_eonet_admin_save_settings · core\admin\EonetAdmin.php:30
nopriv · wp_ajax_eonet_admin_save_settings · core\admin\EonetAdmin.php:31
auth · wp_ajax_eonet_admin_reset_settings · core\admin\EonetAdmin.php:32
nopriv · wp_ajax_eonet_admin_reset_settings · core\admin\EonetAdmin.php:33
auth · wp_ajax_eonet_admin_state_component · core\EonetComponents.php:44
nopriv · wp_ajax_eonet_admin_state_component · core\EonetComponents.php:45
WordPress Hooks 44
filter · pre_get_posts · component-project-manager\classes\Eonet_PM_Security.php:12
filter · pre_get_posts · component-project-manager\classes\Eonet_PM_Security.php:13
filter · template_include · component-project-manager\classes\Eonet_PM_TemplateLoader.php:20
action · admin_enqueue_scripts · component-project-manager\EonetProjectManager.php:33
action · wp_enqueue_scripts · component-project-manager\EonetProjectManager.php:34
action · init · component-project-manager\EonetProjectManager.php:37
action · init · component-project-manager\EonetProjectManager.php:38
action · init · component-project-manager\EonetProjectManager.php:39
action · eonet_admin_settings_saved · component-project-manager\EonetProjectManager.php:42
action · save_post · component-project-manager\EonetProjectManager.php:43
action · wp_head · component-project-manager\EonetProjectManager.php:47
action · the_post · component-project-manager\include\core-functions.php:26
filter · eonet_front_custom_fields · component-project-manager\include\eonet-frontend-publisher-functions.php:36
action · eonet_frontend_custom_process · component-project-manager\include\eonet-frontend-publisher-functions.php:57
filter · eonet_front_edit_btn_deactivated · component-project-manager\include\eonet-frontend-publisher-functions.php:71
action · eopm_single_project_content · component-project-manager\include\eonet-frontend-publisher-functions.php:96
action · add_meta_boxes · component-project-manager\include\metabox-members-functions.php:12
action · add_meta_boxes · component-project-manager\include\metabox-tasks-functions.php:23
action · eopm_before_projects_loop · component-project-manager\include\template-functions.php:12
action · eopm_after_projects_loop · component-project-manager\include\template-functions.php:20
action · eopm_project_header_right · component-project-manager\include\template-functions.php:37
action · eopm_project_header_right · component-project-manager\include\template-functions.php:47
action · eopm_project_header_left · component-project-manager\include\template-functions.php:82
action · eopm_project_header_left · component-project-manager\include\template-functions.php:93
action · eopm_sigle_project_nav · component-project-manager\include\template-functions.php:152
action · eopm_single_project_content · component-project-manager\include\template-functions.php:246
filter · comments_template · component-project-manager\include\template-functions.php:265
action · eopm_before_main_content · component-project-manager\include\template-functions.php:273
action · eopm_after_main_content · component-project-manager\include\template-functions.php:281
action · eopm_sidebar · component-project-manager\include\template-functions.php:289
action · eopm_sidebar · component-project-manager\include\template-functions.php:306
action · plugins_loaded · component-project-manager\init.php:9
action · admin_menu · core\admin\EonetAdmin.php:34
action · plugins_loaded · core\bootstrap.php:11
action · admin_enqueue_scripts · core\Eonet.php:33
action · wp_enqueue_scripts · core\Eonet.php:34
action · admin_enqueue_scripts · core\Eonet.php:35
action · wp_enqueue_scripts · core\Eonet.php:36
action · admin_init · core\EonetComponents.php:40
action · init · core\EonetComponents.php:41
action · wp_enqueue_scripts · core\EonetComponents.php:55
action · admin_enqueue_scripts · core\EonetComponents.php:56
action · add_meta_boxes · core\EonetMetaboxes.php:53
action · save_post · core\EonetMetaboxes.php:55
Maintenance & Trust

Eonet Project Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Sep 12, 2018
PHP min version
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 40
Developer Profile

Eonet Project Manager Developer Profile

Alkaweb

4 plugins · 510 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Eonet Project Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eonet-project-manager/core/assets/js/eonet_project_manager.js
/wp-content/plugins/eonet-project-manager/core/assets/css/eonet-project-manager-style.min.css
Version Parameters
eonet-project-manager/assets/js/eonet_project_manager.js?ver=
eonet-project-manager/assets/css/eonet-project-manager-style.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
eonet-project-manager
eonet_project_manager
JS Globals
EONET_PROJECTS
eopm_ajax_object