LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart Security & Risk Analysis

wordpress.org/plugins/lazytasks-project-task-management

Comprehensive Task Management, FREE! Minimalist design with powerful features to boost your productivity.

70 active installs · v1.4.74 · PHP 7.4+ · WP 6.2+ · Updated Mar 11, 2026
Tags: bug-tracking, gantt, kanban, project-management, task-management
Score 40 · D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: Jan 22, 2026
Safety Verdict

Is LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart Safe to Use in 2026?

High Risk

Score 40/100

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: Jan 22, 2026 · Updated 23d ago
Risk Assessment

The lazytasks-project-task-management plugin carries significant security risk because several entry points, in particular its AJAX handlers and REST API routes, lack proper authorization checks. The plugin shows strong practice in SQL query preparation and output escaping, but the unprotected AJAX endpoints and REST API route broaden its attack surface and leave it open to unauthorized actions.

The vulnerability history is a major concern: two known critical CVEs, both currently unpatched. Their classes, Incorrect Privilege Assignment and Missing Authorization, correlate directly with the lack of authorization checks observed in the static analysis, which suggests a recurring weakness in how the plugin handles user permissions and access control. Prompt patching of the existing vulnerabilities and immediate implementation of authorization checks on all entry points are strongly recommended.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • 2 unpatched critical CVEs
  • Missing authorization on 2 entry points
Vulnerabilities
2

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart Security Vulnerabilities

CVEs by Year

  • 2025: 1 CVE · unpatched
  • 2026: 1 CVE · unpatched

Severity Breakdown

  • Critical: 2

2 total CVEs

CVE-2025-68869 · critical · 9.8 · Incorrect Privilege Assignment

LazyTasks <= 1.4.01 - Unauthenticated Privilege Escalation

Jan 22, 2026 · Unpatched

CVE-2025-12963 · critical · 9.8 · Missing Authorization

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart <= 1.2.29 - Missing Authorization to Unauthenticated Privilege Escalation

Dec 11, 2025 · Unpatched

Code Analysis
Analyzed Mar 16, 2026

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 95 (1163 prepared)
  • Unescaped Output: 0 (208 escaped)
  • Nonce Checks: 2
  • Capability Checks: 2
  • File Operations: 1
  • External Requests: 6
  • Bundled Libraries: 0

SQL Query Safety

92% prepared · 1258 total queries

Output Escaping

100% escaped · 208 total outputs

Attack Surface
3 unprotected

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers 2

auth · wp_ajax_lazytask_review_notice_action · admin\notices\class-lazytask-review-notice.php:279
nopriv · wp_ajax_lazytask_review_notice_action · admin\notices\class-lazytask-review-notice.php:284

REST API Routes 1

GET · /wp-json/lazytasks/api/versions · src\Routes\Lazytask_RouteRegistrar.php:31

WordPress Hooks 26

action · admin_notices · admin\notices\class-lazytask-review-notice.php:23
action · admin_enqueue_scripts · admin\notices\class-lazytask-review-notice.php:24
action · admin_init · admin\notices\class-lazytask-review-notice.php:272
action · plugins_loaded · includes\class-lazy-task.php:150
action · admin_enqueue_scripts · includes\class-lazy-task.php:166
action · admin_enqueue_scripts · includes\class-lazy-task.php:167
action · admin_enqueue_scripts · includes\class-lazy-task.php:168
action · admin_menu · includes\class-lazy-task.php:169
action · admin_bar_menu · includes\class-lazy-task.php:170
action · rest_api_init · includes\class-lazy-task.php:171
action · wp_login · includes\class-lazy-task.php:172
action · init · includes\class-lazy-task.php:173
filter · theme_page_templates · includes\class-lazy-task.php:174
filter · template_include · includes\class-lazy-task.php:175
filter · show_admin_bar · includes\class-lazy-task.php:176
action · admin_init · includes\class-lazy-task.php:177
action · load-post.php · includes\class-lazy-task.php:178
action · load-post-new.php · includes\class-lazy-task.php:179
action · pre_get_posts · includes\class-lazy-task.php:180
filter · rest_post_dispatch · includes\class-lazy-task.php:182
filter · upload_mimes · includes\class-lazy-task.php:183
action · wp_enqueue_scripts · includes\class-lazy-task.php:246
action · wp_enqueue_scripts · includes\class-lazy-task.php:247
filter · lazytask_integrated_action_list · src\Controller\v1\Lazytask_NotificationController.php:27
action · phpmailer_init · src\Notification\includes\Integrations.php:15
action · plugins_loaded · src\Notification\includes\Integrations.php:16

Maintenance & Trust

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 11, 2026
  • PHP min version: 7.4
  • Downloads: 4K

Community Trust

  • Rating: 100/100
  • Number of ratings: 4
  • Active installs: 70

Developer Profile

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart Developer Profile

LazyCoders LLC

1 plugin · 70 total installs

  • Trust score: 52
  • Avg Security Score: 40/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/lazytasks-project-task-management/admin/css/pms-rbs-admin.css
/wp-content/plugins/lazytasks-project-task-management/admin/frontend/build/index.css
/wp-content/plugins/lazytasks-project-task-management/admin/frontend/build/index.js
Script Paths
/wp-content/plugins/lazytasks-project-task-management/admin/frontend/build/index.js
Version Parameters
lazytasks-project-task-management/admin/css/pms-rbs-admin.css?ver=
lazytasks-project-task-management/admin/frontend/build/index.css?ver=
lazytasks-project-task-management/admin/frontend/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
lazytasks-page
Data Attributes
data-ltask-id
JS Globals
lazytask_localize
REST Endpoints
/wp-json/lazytask/v1/