WP-Safety

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager Security & Risk Analysis

wordpress.org/plugins/software-issue-manager

Best issue tracking, bug tracking and project management plugin. Easily manage tasks, stay organized, and track progress in WordPress.

20 active installs v5.0.1 PHP + WP 4.5+ Updated Aug 7, 2025
bug-trackingdeveloper-toolsissue-managementissue-trackingproject-management
99
A · Safe
CVEs total1
Unpatched0
Last CVEAug 11, 2025
Plugin page Download
Safety Verdict

Is Project Management, Bug and Issue Tracking Plugin – Software Issue Manager Safe to Use in 2026?

Generally Safe

Score 99/100

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Aug 11, 2025Updated 9mo ago
Risk Assessment

The software-issue-manager plugin v5.0.1 presents a mixed security posture. While it demonstrates strong adherence to secure coding practices in several areas, such as 100% use of prepared statements for SQL queries and a high percentage of properly escaped output, significant concerns remain.

A notable area of risk is the substantial attack surface exposed by unprotected AJAX handlers. With 9 out of 29 AJAX endpoints lacking authentication checks, attackers could potentially exploit these entry points to perform unauthorized actions. The taint analysis further highlights this, revealing 2 high-severity taint flows with unsanitized paths, suggesting potential for data manipulation or injection vulnerabilities that could be leveraged through these unprotected endpoints.

The plugin's vulnerability history, while showing no currently unpatched CVEs, does indicate a past medium-severity Cross-Site Scripting (XSS) vulnerability. This, combined with the presence of the `preg_replace(/e)` dangerous function, which can be susceptible to code execution if not handled carefully, warrants continued vigilance. The outdated bundled Select2 v3.2 library is also a potential vector for known vulnerabilities.

Overall, the plugin has strengths in its data handling and output escaping. However, the significant number of unprotected AJAX endpoints and the identified taint flows represent critical security weaknesses that require immediate attention. Addressing these exposed entry points and ensuring all data is properly sanitized and authorized is paramount to mitigating risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Bundled outdated library (Select2 v3.2)
  • Dangerous functions (preg_replace(/e))
  • Past medium severity CVE (XSS)
Vulnerabilities
1 published

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-8314medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter

Aug 11, 2025 Patched in 5.0.1 (1d)
Version History

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager Release Timeline

v5.0.1Current
v5.0.01 CVE
CVE-2025-8314
v4.91 CVE
CVE-2025-8314
v4.8.31 CVE
CVE-2025-8314
v4.8.21 CVE
CVE-2025-8314
v4.8.11 CVE
CVE-2025-8314
v4.8.01 CVE
CVE-2025-8314
v4.7.01 CVE
CVE-2025-8314
v4.6.01 CVE
CVE-2025-8314
v4.5.01 CVE
CVE-2025-8314
v4.4.11 CVE
CVE-2025-8314
v4.4.01 CVE
CVE-2025-8314
v4.3.21 CVE
CVE-2025-8314
v4.3.11 CVE
CVE-2025-8314
v4.3.01 CVE
CVE-2025-8314
v4.2.01 CVE
CVE-2025-8314
v4.1.01 CVE
CVE-2025-8314
v4.0.01 CVE
CVE-2025-8314
v3.0.01 CVE
CVE-2025-8314
v2.3.01 CVE
CVE-2025-8314
Code Analysis
Analyzed Mar 16, 2026

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
38 prepared
Unescaped Output
278
1364 escaped
Nonce Checks
27
Capability Checks
37
File Operations
2
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

preg_replace(/e)preg_replace('/eincludes\emd-form-builder-lite\emd-form-functions.php:495
preg_replace(/e)preg_replace('/eincludes\emd-form-builder-lite\emd-form-functions.php:516

Bundled Libraries

Select23.2

SQL Query Safety

100% prepared38 total queries

Output Escaping

83% escaped1642 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

15 flows9 with unsanitized paths
emd_form_builder_lite_get_field (includes\emd-form-builder-lite\emd-form-builder.php:831)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
9 unprotected

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager Attack Surface

Entry Points30
Unprotected9

AJAX Handlers 29

authwp_ajax_single_tax_add_taxtermincludes\admin\singletax\emd-singletax-functions.php:4
authwp_ajax_emd_load_fileincludes\class-install-deactivate.php:53
noprivwp_ajax_emd_load_fileincludes\class-install-deactivate.php:54
authwp_ajax_emd_delete_fileincludes\class-install-deactivate.php:55
noprivwp_ajax_emd_delete_fileincludes\class-install-deactivate.php:56
authwp_ajax_emd_check_userEmailincludes\common-functions.php:541
authwp_ajax_emd_check_uniqueincludes\common-functions.php:570
authwp_ajax_emd_form_builder_lite_get_fieldincludes\emd-form-builder-lite\emd-form-builder.php:830
authwp_ajax_emd_form_builder_lite_get_pageincludes\emd-form-builder-lite\emd-form-builder.php:1192
authwp_ajax_emd_form_builder_lite_get_rowincludes\emd-form-builder-lite\emd-form-builder.php:1245
authwp_ajax_emd_form_builder_lite_save_formincludes\emd-form-builder-lite\emd-form-builder.php:1272
authwp_ajax_emd_form_builder_lite_get_hrincludes\emd-form-builder-lite\emd-form-builder.php:1391
authwp_ajax_emd_form_builder_lite_get_htmlincludes\emd-form-builder-lite\emd-form-builder.php:1411
authwp_ajax_emd_formb_lite_submit_ajax_formincludes\emd-form-builder-lite\emd-form-frontend.php:9
noprivwp_ajax_emd_formb_lite_submit_ajax_formincludes\emd-form-builder-lite\emd-form-frontend.php:10
noprivwp_ajax_emd_check_userEmailincludes\emd-form-builder-lite\emd-form-frontend.php:11
noprivwp_ajax_emd_check_uniqueincludes\emd-form-builder-lite\emd-form-frontend.php:12
noprivwp_ajax_emd_lite_process_loginincludes\emd-form-builder-lite\emd-form-frontend.php:1931
authwp_ajax_emd_lite_process_loginincludes\emd-form-builder-lite\emd-form-frontend.php:1932
noprivwp_ajax_emd_lite_verify_registrationincludes\emd-form-builder-lite\emd-form-frontend.php:2019
authwp_ajax_emd_lite_verify_registrationincludes\emd-form-builder-lite\emd-form-frontend.php:2020
authwp_ajax_emd_form_builder_lite_pagenumincludes\emd-form-builder-lite\emd-form-functions.php:1091
noprivwp_ajax_emd_form_builder_lite_pagenumincludes\emd-form-builder-lite\emd-form-functions.php:1092
noprivwp_ajax_emd_verify_emailincludes\login-register-functions.php:106
authwp_ajax_emd_verify_emailincludes\login-register-functions.php:107
authwp_ajax_software_issue_manager_send_deactivate_reasonincludes\plugin-feedback-functions.php:11
authwp_ajax_software_issue_manager_show_ratemeincludes\plugin-feedback-functions.php:16
authwp_ajax_emd_get_widg_pagenumincludes\widget-functions.php:10
noprivwp_ajax_emd_get_widg_pagenumincludes\widget-functions.php:11

Shortcodes 1

[emd_form] includes\emd-form-builder-lite\emd-form-frontend.php:400
WordPress Hooks 106
actionsoftware_issue_manager_getting_startedincludes\admin\getting-started.php:9
actionsoftware_issue_manager_settings_glossaryincludes\admin\glossary.php:9
actionemd_ext_registerincludes\admin\settings-functions-misc.php:11
filteremd_add_settings_tabincludes\admin\settings-functions-misc.php:12
actionemd_show_settings_tabincludes\admin\settings-functions-misc.php:13
actionemd_ext_registerincludes\admin\settings-functions.php:11
actionemd_show_settings_pageincludes\admin\settings-functions.php:12
actionadd_meta_boxesincludes\admin\singletax\class-emd-single-taxonomy.php:31
filterwp_terms_checklist_argsincludes\admin\singletax\class-emd-single-taxonomy.php:35
actionsave_postincludes\admin\singletax\class-emd-single-taxonomy.php:39
filtermedia_buttonsincludes\admin\wpas-btn-functions.php:10
actionadmin_footerincludes\admin\wpas-btn-functions.php:11
filterkses_allowed_protocolsincludes\admin\wpas-btn-functions.php:222
filterposts_whereincludes\class-emd-query.php:91
filterposts_joinincludes\class-emd-query.php:94
filteremd_wp_session_cookie_secureincludes\class-emd-session.php:59
filteremd_wp_session_cookie_httponlyincludes\class-emd-session.php:60
filteremd_wp_session_delete_batch_sizeincludes\class-emd-session.php:61
filtersafe_style_cssincludes\class-emd-widget.php:57
actionadmin_initincludes\class-install-deactivate.php:21
actionwp_headincludes\class-install-deactivate.php:33
actionadmin_initincludes\class-install-deactivate.php:37
actionadmin_noticesincludes\class-install-deactivate.php:41
actionadmin_initincludes\class-install-deactivate.php:45
actionbefore_delete_postincludes\class-install-deactivate.php:49
actioninitincludes\class-install-deactivate.php:57
filtertiny_mce_before_initincludes\class-install-deactivate.php:62
actionemd_ext_set_confincludes\emd-form-builder-lite\emd-form-builder.php:12
actionemd_ext_initincludes\emd-form-builder-lite\emd-form-builder.php:22
filterposts_whereincludes\emd-form-builder-lite\emd-form-builder.php:48
actionemd_ext_admin_enqincludes\emd-form-builder-lite\emd-form-builder.php:50
actionemd_show_forms_lite_pageincludes\emd-form-builder-lite\emd-form-builder.php:282
actioninitincludes\emd-form-builder-lite\emd-form-frontend.php:44
filteremd_ext_parse_tagsincludes\emd-form-builder-lite\emd-form-functions.php:775
actioninitincludes\emd-form-builder-lite\emd-form-functions.php:801
filterkses_allowed_protocolsincludes\emd-form-builder-lite\emd-form-functions.php:1169
actionemd_ext_registerincludes\emd-form-builder-lite\settings-functions-login.php:12
filteremd_add_settings_tabincludes\emd-form-builder-lite\settings-functions-login.php:13
actionemd_show_settings_tabincludes\emd-form-builder-lite\settings-functions-login.php:14
actionemd_ext_admin_enqincludes\emd-lite\emd-lite.php:8
filteremd_lite_modalincludes\emd-lite\emd-lite.php:26
actionsave_postincludes\entities\class-emd-entity.php:96
actionsave_postincludes\entities\class-emd-entity.php:133
actioninitincludes\entities\class-emd-issue.php:27
actionadmin_initincludes\entities\class-emd-issue.php:31
filterwp_dropdown_usersincludes\entities\class-emd-issue.php:35
actionsave_postincludes\entities\class-emd-issue.php:39
filterwp_insert_post_dataincludes\entities\class-emd-issue.php:43
filterpost_updated_messagesincludes\entities\class-emd-issue.php:47
actionadmin_menuincludes\entities\class-emd-issue.php:51
actionadmin_head-edit.phpincludes\entities\class-emd-issue.php:55
actionadmin_menuincludes\entities\class-emd-issue.php:59
filterparent_fileincludes\entities\class-emd-issue.php:63
actionmanage_emd_issue_posts_custom_columnincludes\entities\class-emd-issue.php:69
filtermanage_emd_issue_posts_columnsincludes\entities\class-emd-issue.php:73
actionadmin_initincludes\entities\class-emd-issue.php:78
filterpost_row_actionsincludes\entities\class-emd-issue.php:82
actionadmin_action_emd_duplicate_entityincludes\entities\class-emd-issue.php:86
actionadmin_noticesincludes\entities\class-emd-issue.php:774
filterthe_titleincludes\entities\class-emd-issue.php:805
actioninitincludes\entities\class-emd-project.php:27
actionadmin_initincludes\entities\class-emd-project.php:31
filterwp_dropdown_usersincludes\entities\class-emd-project.php:35
actionsave_postincludes\entities\class-emd-project.php:39
filterwp_insert_post_dataincludes\entities\class-emd-project.php:43
actionsave_postincludes\entities\class-emd-project.php:47
filterpost_updated_messagesincludes\entities\class-emd-project.php:51
actionadmin_menuincludes\entities\class-emd-project.php:55
actionadmin_head-edit.phpincludes\entities\class-emd-project.php:59
actionmanage_emd_project_posts_custom_columnincludes\entities\class-emd-project.php:65
filtermanage_emd_project_posts_columnsincludes\entities\class-emd-project.php:69
actionadmin_initincludes\entities\class-emd-project.php:74
filterpost_row_actionsincludes\entities\class-emd-project.php:78
actionadmin_action_emd_duplicate_entityincludes\entities\class-emd-project.php:82
actionadmin_noticesincludes\entities\class-emd-project.php:556
filterthe_titleincludes\entities\class-emd-project.php:627
filterwidget_textincludes\entities\emd-issue-shortcodes.php:56
filterwidget_textincludes\entities\emd-issue-shortcodes.php:57
filteremd_limit_byincludes\filter-functions.php:10
filterprevious_post_linkincludes\filter-functions.php:243
filternext_post_linkincludes\filter-functions.php:244
filteremd_show_temp_sidebarincludes\layout-functions.php:166
actionemd_sidebarincludes\layout-functions.php:196
actionwidgets_initincludes\layout-functions.php:213
filteremd_show_temp_navigationincludes\layout-functions.php:290
filteremd_show_single_edit_linkincludes\layout-functions.php:320
filteremd_change_containerincludes\layout-functions.php:332
filteremd_get_login_register_option_for_viewsincludes\login-register-functions.php:8
actionemd_show_login_register_formsincludes\login-register-functions.php:22
filterplugin_row_metaincludes\plugin-feedback-functions.php:9
filterplugin_action_linksincludes\plugin-feedback-functions.php:10
actionadmin_footerincludes\plugin-feedback-functions.php:14
actionadmin_noticesincludes\plugin-feedback-functions.php:17
actionadmin_post_software-issue-manager_check_optinincludes\plugin-feedback-functions.php:18
filterposts_requestincludes\query-filters.php:9
filterpost_limitsincludes\query-filters.php:10
filterposts_orderbyincludes\query-filters.php:11
actionpre_get_postsincludes\query-filters.php:101
filterp2p_connectable_argsincludes\query-filters.php:118
actionadmin_enqueue_scriptsincludes\scripts.php:9
actionwp_enqueue_scriptsincludes\scripts.php:153
actionadmin_print_footer_scriptsincludes\scripts.php:242
filterthe_contentsoftware-issue-manager.php:58
actionadmin_menusoftware-issue-manager.php:62
filtertemplate_includesoftware-issue-manager.php:66
actionwidgets_initsoftware-issue-manager.php:70
Maintenance & Trust

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 7, 2025
PHP min version
Downloads19K

Community Trust

Rating84/100
Number of ratings12
Active installs20
Alternatives

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager Alternatives

Webvizio

Webvizio

webvizio

A
92

The Ultimate Visual Feedback, Collaboration & Productivity Tool for Web Professionals.

100 No CVEs
LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart

lazytasks-project-task-management

C
60

Comprehensive Task Management, FREE! Minimalist design with powerful features to boost your productivity.

70 1 unpatched
QualityHive – Website Feedback Tool

QualityHive – Website Feedback Tool

qualityhive

A
92

Raise website feedback in seconds with QualityHive with no code required to integrate.

10 No CVEs
WBugBoard

WBugBoard

wbugboard

A
92

A professional issue tracking plugin for WordPress to manage and prioritize customer support tickets.

0 No CVEs
Version Info – Server Health Monitor, PHP & MySQL Version Display, Environment Indicators

Version Info – Server Health Monitor, PHP & MySQL Version Display, Environment Indicators

version-info

A
100

The #1 technical dashboard for WordPress professionals. Display PHP, MySQL, WP & server versions anywhere in admin. Monitor CPU, RAM, DB size &amp &hellip;

10K No CVEs
Developer Profile

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager Developer Profile

emarket-design

10 plugins · 4K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
247 days
View full developer profile
Detection Fingerprints

How We Detect Project Management, Bug and Issue Tracking Plugin – Software Issue Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/software-issue-manager/assets/css/emd-datetimepicker.css/wp-content/plugins/software-issue-manager/assets/css/emd-modal.css/wp-content/plugins/software-issue-manager/assets/css/emd-navigation.css/wp-content/plugins/software-issue-manager/assets/css/emd-plugin-style.css/wp-content/plugins/software-issue-manager/assets/css/emd-plugin-style-rtl.css/wp-content/plugins/software-issue-manager/assets/css/emd-progress-bar.css/wp-content/plugins/software-issue-manager/assets/css/emd-tabs.css/wp-content/plugins/software-issue-manager/assets/ext/emd-meta-box/css/emd-meta-box.css+11 more
Script Paths
/wp-content/plugins/software-issue-manager/includes/scripts.php
Version Parameters
software-issue-manager/assets/css/emd-datetimepicker.css?ver=software-issue-manager/assets/css/emd-modal.css?ver=software-issue-manager/assets/css/emd-navigation.css?ver=software-issue-manager/assets/css/emd-plugin-style.css?ver=software-issue-manager/assets/css/emd-plugin-style-rtl.css?ver=software-issue-manager/assets/css/emd-progress-bar.css?ver=software-issue-manager/assets/css/emd-tabs.css?ver=software-issue-manager/assets/ext/emd-meta-box/css/emd-meta-box.css?ver=software-issue-manager/assets/ext/emd-posts-to-posts/css/emd-posts-to-posts.css?ver=software-issue-manager/assets/js/emd-datetimepicker.js?ver=software-issue-manager/assets/js/emd-modal.js?ver=software-issue-manager/assets/js/emd-navigation.js?ver=software-issue-manager/assets/js/emd-plugin-script.js?ver=software-issue-manager/assets/js/emd-progress-bar.js?ver=software-issue-manager/assets/js/emd-tabs.js?ver=software-issue-manager/assets/ext/emd-meta-box/js/emd-meta-box.js?ver=software-issue-manager/assets/ext/emd-posts-to-posts/js/emd-posts-to-posts.js?ver=software-issue-manager/assets/ext/emd-form-builder-lite/js/emd-form-builder.js?ver=software-issue-manager/assets/ext/emd-lite/js/emd-lite.js?ver=

HTML / DOM Fingerprints

CSS Classes
emd-issue-listemd-project-listemd-issue-detailsemd-project-detailsemd_issue_manager_widget
HTML Comments
<!-- EMDB --><div id='emd-login-modal-wrapper' class='emd-modal-wrapper'><!-- EMDB -->
Data Attributes
data-appname='software_issue_manager'data-template='issue'data-template='project'data-app='software-issue-manager'
JS Globals
emd_object.app_name='software_issue_manager'emd_object.template='issue'emd_object.template='project'emd_object.app='software-issue-manager'
Shortcode Output
[emd_issue_list[emd_project_list[emd_issue_details[emd_project_details
FAQ

Frequently Asked Questions about Project Management, Bug and Issue Tracking Plugin – Software Issue Manager