Does HDTasks | Client and Team Task Lists have any unpatched vulnerabilities?

No. All known vulnerabilities in HDTasks | Client and Team Task Lists have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is HDTasks | Client and Team Task Lists compatible with WordPress 5.2.24?

According to WordPress.org data, HDTasks | Client and Team Task Lists 0.2 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is HDTasks | Client and Team Task Lists compatible with PHP 5.6+?

HDTasks | Client and Team Task Lists requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is HDTasks | Client and Team Task Lists updated?

HDTasks | Client and Team Task Lists was last updated on Mar 21, 2020. Frequent updates are generally a positive security signal.

What is HDTasks | Client and Team Task Lists's security score?

HDTasks | Client and Team Task Lists has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HDTasks | Client and Team Task Lists Security & Risk Analysis

wordpress.org/plugins/hdtasks

HDTasks. Project task management for teams and creatives

10 active installs v0.2 PHP 5.6+ WP 4.8.0+ Updated Mar 21, 2020

hdthdtaskproject-managmenttaskstodo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is HDTasks | Client and Team Task Lists Safe to Use in 2026?

Generally Safe

Score 85/100

HDTasks | Client and Team Task Lists has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "hdtasks" plugin v0.2 exhibits a generally positive security posture, with no recorded vulnerabilities in its history and a static analysis that highlights good practices. All identified AJAX handlers include authentication checks, and there are no instances of raw SQL queries or critical/high severity taint flows. The absence of file operations and external HTTP requests also contributes to a more secure profile. However, the plugin's output escaping is only at 57%, which is a significant concern. While not all outputs are necessarily exploitable, a large percentage of unescaped data passing through the plugin increases the risk of cross-site scripting (XSS) vulnerabilities, especially if user-supplied data is involved in these outputs.

Key Concerns

Low output escaping percentage (57%)

Vulnerabilities

None known

HDTasks | Client and Team Task Lists Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

HDTasks | Client and Team Task Lists Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

HDTasks | Client and Team Task Lists Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

41 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

57% escaped72 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

hdt_add_new_task (includes\functions.php:97)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

HDTasks | Client and Team Task Lists Attack Surface

Entry Points12

Unprotected0

AJAX Handlers 12

authwp_ajax_hdt_get_taskincludes\functions.php:65

noprivwp_ajax_hdt_get_taskincludes\functions.php:66

authwp_ajax_hdt_update_task_orderincludes\functions.php:92

noprivwp_ajax_hdt_update_task_orderincludes\functions.php:93

authwp_ajax_hdt_add_new_taskincludes\functions.php:160

noprivwp_ajax_hdt_add_new_taskincludes\functions.php:161

authwp_ajax_hdt_add_new_task_commentincludes\functions.php:218

noprivwp_ajax_hdt_add_new_task_commentincludes\functions.php:219

authwp_ajax_hdt_add_new_projectincludes\functions.php:254

authwp_ajax_hdt_delete_projectincludes\functions.php:301

authwp_ajax_hdt_edit_projectincludes\functions.php:351

authwp_ajax_hdt_edit_save_projectincludes\functions.php:382

WordPress Hooks 9

actionadmin_enqueue_scriptshdtasks.php:47

actionadmin_menuhdtasks.php:78

actionadmin_menuhdtasks.php:85

actioninithdtasks.php:88

actioninitincludes\post_type.php:60

actioninitincludes\post_type.php:107

filterwp_insert_term_dataincludes\post_type.php:124

filterarchive_templateincludes\post_type.php:142

actionwp_print_scriptsincludes\template.php:37

Maintenance & Trust

HDTasks | Client and Team Task Lists Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedMar 21, 2020

PHP min version5.6

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

HDTasks | Client and Team Task Lists Alternatives

Dashboard To-Do List

dashboard-to-do-list

A dashboard to-do list widget with the option to show the to-do list on the website. This is a great tool for web developers building a new website.

1K 2 CVEs

Docket WP

docket-wp

The Docket WP plugin connects your Docket WP account into any WordPress installation. You will need a Docket WP account in order to use the plugin.

300 No CVEs

Todo Block

todo-block

100

Adds ToDo list block that shows checkboxes on frontend and backend of your site.

300 No CVEs

Todo for BuddyPress & BuddyBoss

bp-user-to-do-list

100

Transform your BuddyPress or BuddyBoss community into a powerful task management platform. Members can create personal todos, collaborate on group tas …

100 1 CVE

Swift Todo List

swift-todolist

A simple and customizable to-do list plugin for WordPress that allows users to create, update, view, and delete tasks.

20 No CVEs

Developer Profile

HDTasks | Client and Team Task Lists Developer Profile

Harmonic Design

6 plugins · 8K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

205 days

View full developer profile

Detection Fingerprints

How We Detect HDTasks | Client and Team Task Lists

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hdtasks/includes/admin_style.css/wp-content/plugins/hdtasks/includes/admin_script.js/wp-content/plugins/hdtasks/includes/moment.js/wp-content/plugins/hdtasks/includes/sortable.js/wp-content/plugins/hdtasks/includes/script.js/wp-content/plugins/hdtasks/includes/editor/trumbowyg.min.js/wp-content/plugins/hdtasks/includes/editor/ui/trumbowyg.min.css/wp-content/plugins/hdtasks/style.css

Script Paths

/wp-content/plugins/hdtasks/includes/admin_script.js/wp-content/plugins/hdtasks/includes/moment.js/wp-content/plugins/hdtasks/includes/sortable.js/wp-content/plugins/hdtasks/includes/script.js/wp-content/plugins/hdtasks/includes/editor/trumbowyg.min.js

Version Parameters

hdtasks/includes/admin_style.css?v=hdtasks/includes/admin_script.js?v=hdtasks/includes/moment.js?v=hdtasks/includes/sortable.js?v=hdtasks/includes/script.js?v=hdtasks/style.css?v=

HTML / DOM Fingerprints

CSS Classes

cs-loader-innerselectselectboxselect-hiddencontenteditable

HTML Comments

Data Attributes

data-id

JS Globals

hdt_ajaxproject_idcurrent_user

FAQ