Product Roadmap Security & Risk Analysis

wordpress.org/plugins/product-roadmap

Create public product roadmaps to share your vision, collect user feedback, and build products your customers actually want.

10 active installs · v1.2.1 · PHP 7.4+ · WP 5.8+ · Updated Nov 4, 2025
Tags: feature-voting, product-management, product-roadmap, roadmap, user-feedback
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Product Roadmap Safe to Use in 2026?

Generally Safe

Score 100/100

Product Roadmap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6mo ago
Risk Assessment

The "product-roadmap" plugin v1.2.1 exhibits a generally good security posture, adhering to many WordPress security best practices. The static analysis reveals a strong emphasis on secure coding, with a high percentage of SQL queries using prepared statements and output escaping. The absence of dangerous functions, file operations, and external HTTP requests further bolsters its security. Moreover, the plugin has a clean vulnerability history, with no recorded CVEs, suggesting a history of stable and secure development.

However, there are specific areas that introduce potential risks. The presence of two AJAX handlers without authentication checks represents a significant attack surface that could be exploited by unauthenticated users. While the taint analysis shows no critical or high severity unsanitized paths, the unprotected AJAX endpoints could potentially lead to unauthorized actions if not properly secured within the application logic itself.

In conclusion, while the "product-roadmap" plugin demonstrates a commitment to secure coding practices with robust SQL and output handling, the unprotected AJAX endpoints are a notable weakness. This requires careful consideration and implementation of appropriate security measures on the server-side to mitigate potential risks. The absence of historical vulnerabilities is a positive indicator, but the identified unprotected entry points warrant attention.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

Product Roadmap Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Product Roadmap Release Timeline

v1.2.1 (Current)
v1.2.0
v1.1.1
v1.1.0
v1.0.2
v1.0.1
Code Analysis
Analyzed Mar 16, 2026

Product Roadmap Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (22 prepared)
Unescaped Output: 3 (239 escaped)
Nonce Checks: 10
Capability Checks: 16
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

96% prepared · 23 total queries

Output Escaping

99% escaped · 242 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
handle_setup_actions (includes\class-roadmap-setup-wizard.php:451)
Attack Surface
2 unprotected

Product Roadmap Attack Surface

Entry Points: 6
Unprotected: 2

AJAX Handlers 5

auth · wp_ajax_roadmap_dismiss_setup_notice · includes\class-roadmap-demo-import.php:24
auth · wp_ajax_roadmap_save_product_settings · includes\class-roadmap-settings.php:23
auth · wp_ajax_roadmap_get_product_settings · includes\class-roadmap-settings.php:24
auth · wp_ajax_roadmap_vote · includes\class-roadmap-voting.php:19
nopriv · wp_ajax_roadmap_vote · includes\class-roadmap-voting.php:20

Shortcodes 1

[roadmap] includes\class-roadmap-shortcode.php:19
WordPress Hooks 48
action · admin_enqueue_scripts · includes\class-roadmap-admin.php:19
action · rest_api_init · includes\class-roadmap-api.php:20
action · init · includes\class-roadmap-cpt.php:19
action · init · includes\class-roadmap-cpt.php:20
action · init · includes\class-roadmap-cpt.php:21
action · add_meta_boxes · includes\class-roadmap-cpt.php:22
action · save_post_roadmap_item · includes\class-roadmap-cpt.php:23
action · enqueue_block_editor_assets · includes\class-roadmap-cpt.php:24
action · wp_insert_post · includes\class-roadmap-cpt.php:25
filter · post_type_link · includes\class-roadmap-cpt.php:28
action · init · includes\class-roadmap-cpt.php:29
filter · query_vars · includes\class-roadmap-cpt.php:30
action · pre_get_posts · includes\class-roadmap-cpt.php:31
filter · template_include · includes\class-roadmap-cpt.php:34
filter · roadmap_item_meta_fields · includes\class-roadmap-cpt.php:37
filter · views_edit-roadmap_item · includes\class-roadmap-cpt.php:40
filter · post_row_actions · includes\class-roadmap-cpt.php:43
action · admin_action_approve_roadmap_item · includes\class-roadmap-cpt.php:44
action · admin_action_reject_roadmap_item · includes\class-roadmap-cpt.php:45
action · admin_notices · includes\class-roadmap-cpt.php:46
action · admin_notices · includes\class-roadmap-demo-import.php:23
action · admin_init · includes\class-roadmap-demo-import.php:27
action · roadmap_vote_submitted · includes\class-roadmap-notifications.php:19
action · roadmap_comment_submitted · includes\class-roadmap-notifications.php:20
action · roadmap_suggestion_submitted · includes\class-roadmap-notifications.php:21
action · transition_post_status · includes\class-roadmap-notifications.php:22
action · init · includes\class-roadmap-permissions.php:19
filter · user_has_cap · includes\class-roadmap-permissions.php:20
action · admin_menu · includes\class-roadmap-settings.php:19
action · admin_menu · includes\class-roadmap-settings.php:20
action · admin_init · includes\class-roadmap-settings.php:21
action · admin_enqueue_scripts · includes\class-roadmap-settings.php:22
action · admin_notices · includes\class-roadmap-settings.php:27
filter · manage_edit-roadmap_product_columns · includes\class-roadmap-settings.php:30
filter · manage_roadmap_product_custom_column · includes\class-roadmap-settings.php:31
filter · parent_file · includes\class-roadmap-settings.php:34
filter · submenu_file · includes\class-roadmap-settings.php:35
action · admin_menu · includes\class-roadmap-setup-wizard.php:22
action · admin_init · includes\class-roadmap-setup-wizard.php:23
action · admin_enqueue_scripts · includes\class-roadmap-setup-wizard.php:24
action · admin_init · includes\class-roadmap-setup-wizard.php:27
action · wp_enqueue_scripts · includes\class-roadmap-shortcode.php:20
filter · single_template · includes\class-roadmap-template.php:22
filter · archive_template · includes\class-roadmap-template.php:23
action · init · product-roadmap.php:63
action · upgrader_process_complete · product-roadmap.php:64
action · admin_init · product-roadmap.php:91
action · admin_init · product-roadmap.php:92
Maintenance & Trust

Product Roadmap Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 4, 2025
PHP min version: 7.4
Downloads: 541

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Product Roadmap Developer Profile

wbcomdesigns

19 plugins · 10K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 807 days
Detection Fingerprints

How We Detect Product Roadmap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/product-roadmap/assets/css/frontend.css
  • /wp-content/plugins/product-roadmap/assets/css/roadmap-frontend.css
  • /wp-content/plugins/product-roadmap/assets/js/frontend.js
  • /wp-content/plugins/product-roadmap/assets/js/roadmap-frontend.js
Script Paths
  • /wp-content/plugins/product-roadmap/assets/js/frontend.js
  • /wp-content/plugins/product-roadmap/assets/js/roadmap-frontend.js
Version Parameters
  • product-roadmap/assets/css/frontend.css?ver=
  • product-roadmap/assets/css/roadmap-frontend.css?ver=
  • product-roadmap/assets/js/frontend.js?ver=
  • product-roadmap/assets/js/roadmap-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • roadmap-frontend
  • roadmap-suggestions
  • roadmap-single
  • roadmap-single-item
  • roadmap-comment-form
  • roadmap-item-vote
Data Attributes
  • data-roadmap-item-id
  • data-roadmap-vote-nonce
JS Globals
  • roadmap_frontend_params
REST Endpoints
  • /wp-json/roadmap/v1/vote
  • /wp-json/roadmap/v1/comment
Shortcode Output
  • [product_roadmap]
  • [roadmap_list]
  • [roadmap_item]
  • [roadmap_voting]
FAQ

Frequently Asked Questions about Product Roadmap