RoadMapWP Security & Risk Analysis

wordpress.org/plugins/roadmap-wp

RoadMapWP is the number one roadmap plugin for WordPress. Easily create and manage roadmaps to collect feedback and keep your customers in the loop …

10 active installs · v1.3.4 · PHP + · WP + · Updated Nov 30, 2025
Tags: feedback, product-management, product-owner, roadmap
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is RoadMapWP Safe to Use in 2026?

Generally Safe

Score 100/100

RoadMapWP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "roadmap-wp" plugin v1.3.4 exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, using prepared statements exclusively, and has an excellent record with no known vulnerabilities or CVEs. The code also shows a high percentage of properly escaped output and a significant number of nonce checks, indicating awareness of common web security pitfalls.

However, the plugin presents a notable concern with its attack surface. Specifically, the presence of 7 AJAX handlers that lack authentication checks is a significant risk. These unprotected entry points could potentially be exploited by unauthenticated users to trigger unintended actions within the plugin. While taint analysis revealed no critical or high-severity issues and no unsanitized paths, the sheer number of unprotected AJAX endpoints is a weakness that warrants attention.

Overall, the plugin is built on a foundation of good security practices, particularly concerning data handling and output escaping. Its clean vulnerability history further reinforces this. Nevertheless, the unprotected AJAX handlers represent a clear area of risk that could be exploited if not addressed, thus slightly tempering the otherwise positive security outlook.

Key Concerns

  • AJAX handlers without auth checks
Vulnerabilities
None known

RoadMapWP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

RoadMapWP Release Timeline

v1.3.4 (Current)
v1.3.2
v1.3.1
v1.2.8
v1.2.6
v1.2.4
v1.2.1
v1.2.0
Code Analysis
Analyzed Apr 16, 2026

RoadMapWP Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (168 escaped)
Nonce Checks: 8
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

96% escaped · 175 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
new_idea_form_shortcode (app/shortcodes/new-idea-form.php:15)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
7 unprotected

RoadMapWP Attack Surface

Entry Points: 11
Unprotected: 7

AJAX Handlers 7

auth · wp_ajax_wp_roadmap_handle_vote · app/ajax-handlers.php:64
nopriv · wp_ajax_wp_roadmap_handle_vote · app/ajax-handlers.php:65
auth · wp_ajax_filter_ideas · app/ajax-handlers.php:143
nopriv · wp_ajax_filter_ideas · app/ajax-handlers.php:144
auth · wp_ajax_delete_selected_terms · app/ajax-handlers.php:178
auth · wp_ajax_load_ideas_for_status · app/ajax-handlers.php:284
nopriv · wp_ajax_load_ideas_for_status · app/ajax-handlers.php:285

Shortcodes 4

[display_ideas] app/shortcodes/display-ideas.php:189
[new_idea_form] app/shortcodes/new-idea-form.php:94
[roadmap_tabs] app/shortcodes/roadmap-tabs.php:109
[roadmap] app/shortcodes/roadmap.php:141
WordPress Hooks 22
action · admin_enqueue_scripts · app/admin-functions.php:57
action · wp_enqueue_scripts · app/admin-functions.php:87
filter · roadmapwp_force_enqueue_assets · app/admin-functions.php:109
action · admin_menu · app/admin-functions.php:180
action · admin_init · app/admin-functions.php:197
filter · comments_open · app/admin-functions.php:218
filter · single_template · app/admin-functions.php:234
action · init · app/cpt-ideas.php:67
action · init · app/cpt-ideas.php:109
action · init · app/cpt-ideas.php:123
action · customize_register · app/customizer-styles.php:15
action · wp_enqueue_scripts · app/customizer-styles.php:283
filter · wp_roadmap_hide_display_ideas_heading · app/settings/display-ideas-custom-heading.php:21
filter · wp_roadmap_custom_display_ideas_heading_text · app/settings/display-ideas-custom-heading.php:34
filter · wp_roadmap_hide_display_ideas_heading_setting · app/settings/display-ideas-custom-heading.php:82
filter · wp_roadmap_hide_custom_idea_heading · app/settings/submit-idea-custom-heading.php:21
filter · wp_roadmap_custom_idea_heading_text · app/settings/submit-idea-custom-heading.php:34
filter · wp_roadmap_hide_custom_idea_heading_setting · app/settings/submit-idea-custom-heading.php:80
action · template_redirect · app/shortcodes/new-idea-form.php:153
filter · wp_roadmap_enable_comments_setting · settings/comments.php:24
action · admin_notices · wp-roadmap.php:21
filter · single_template · wp-roadmap.php:90
Maintenance & Trust

RoadMapWP Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 30, 2025
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

RoadMapWP Developer Profile

highprrrr

2 plugins · 10 total installs

Trust score: 91
Avg Security Score: 96/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect RoadMapWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/roadmap-wp/app/assets/css/idea-editor-styles.css
/wp-content/plugins/roadmap-wp/app/assets/css/admin-styles.css
/wp-content/plugins/roadmap-wp/app/dist/styles.css
/wp-content/plugins/roadmap-wp/app/assets/js/help.js
/wp-content/plugins/roadmap-wp/app/assets/js/taxonomies.js
/wp-content/plugins/roadmap-wp/app/assets/js/admin.js
/wp-content/plugins/roadmap-wp/app/assets/css/wp-roadmap.css
Script Paths
/wp-content/plugins/roadmap-wp/app/assets/js/help.js
/wp-content/plugins/roadmap-wp/app/assets/js/taxonomies.js
/wp-content/plugins/roadmap-wp/app/assets/js/admin.js
Version Parameters
roadmap-wp/app/assets/css/idea-editor-styles.css?ver=
roadmap-wp/app/assets/css/admin-styles.css?ver=
roadmap-wp/app/dist/styles.css?ver=
roadmap-wp/app/assets/js/help.js?ver=
roadmap-wp/app/assets/js/taxonomies.js?ver=
roadmap-wp/app/assets/js/admin.js?ver=
roadmap-wp/app/assets/css/wp-roadmap.css?ver=

HTML / DOM Fingerprints

CSS Classes
roadmapwp-idea-form, roadmapwp-ideas-list, roadmapwp-single-idea, roadmapwp-voting-section, roadmapwp-submit-idea-form-wrapper, roadmapwp-submit-idea-form, roadmapwp-ideas-list-wrapper, roadmapwp-ideas-list, +14 more
HTML Comments
<!-- RoadMapWP: New Idea Form -->
<!-- RoadMapWP: Display Ideas -->
<!-- RoadMapWP: Roadmap -->
<!-- RoadMapWP: Roadmap Tabs -->
+4 more
Data Attributes
data-roadmapwp-action, data-roadmapwp-nonce, data-idea-id, data-vote-type
JS Globals
wpRoadmapAjax
REST Endpoints
/wp-json/roadmapwp/v1/vote
/wp-json/roadmapwp/v1/submit-idea
Shortcode Output
[new_idea_form] [display_ideas] [roadmap] [roadmap_tabs]
FAQ

Frequently Asked Questions about RoadMapWP