Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker Security & Risk Analysis
wordpress.org/plugins/wedevs-project-managerEase Project Management and Task Management using a powerful project manager with Kanban board, Gantt chart, milestone tracking & project reporting.
Is Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker Safe to Use in 2026?
Use With Caution
Score 60/100Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "wedevs-project-manager" plugin version 3.0.3 exhibits a mixed security posture. While it demonstrates good practices in many areas, such as a high percentage of prepared SQL statements and properly escaped output, significant concerns remain. The static analysis reveals a small attack surface with two entry points, but critically, one of these AJAX handlers lacks authentication checks. This unprotected endpoint is a direct avenue for unauthorized access and potential exploitation. The presence of dangerous functions like `unserialize` warrants caution, especially if not handled with robust input validation and sanitization, although the taint analysis did not reveal any immediate unsanitized paths in this specific version. The plugin's vulnerability history is a significant red flag. With 21 known CVEs, including one currently unpatched and multiple high-severity issues, this plugin has a history of significant security weaknesses. The recurring vulnerability types, such as SQL Injection, Cross-Site Scripting, and authorization bypass, indicate systemic issues that attackers have previously exploited effectively. While the recent focus on prepared statements and output escaping is positive, the persistent history of vulnerabilities and the immediate concern of an unprotected AJAX handler necessitate a high degree of caution.
Key Concerns
- Unprotected AJAX handler
- Currently unpatched CVE
- Multiple high-severity past CVEs
- Presence of dangerous unserialize function
Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker Security Vulnerabilities
CVEs by Year
Severity Breakdown
21 total CVEs
Project Manager <= 3.0.1 - Authenticated (Subscriber+) Information Exposure
WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'
WP Project Manager <= 2.6.25 - Unauthenticated Sensitive Information Exposure
WP Project Manager <= 2.6.22 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
WP Project Manager <= 2.6.24 - Cross-Site Request Forgery
WP Project Manager <= 2.6.17 - Authenticated (Subscriber+) SQL Injection via orderby Parameter
WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
WP Project Manager <= 2.6.22 - Authenticated (Administrator+) Stored Cross-Site Scripting
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.16 - Authenticated (Subscriber+) SQL Injection
WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API
WP Project Manager <= 2.6.26 - Authenticated (Project Manager+) SQL Injection
WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.13 - Insecure Direct Object Reference to Unauthenticated Authorization Bypass
WP Project Manager <= 2.6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting
WP Project Manager <= 2.6.7 - Missing Authorization
WP Project Manager <= 2.6.0 - Authenticated (Subscriber+) SQL Injection
WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
Appsero <= 1.2.1 - Missing Authorization
WP Project Manager <= 2.4.13 - Authenticated Stored Cross-Site Scripting
WP Project Manager <= 2.4.0 - Cross-Site Request Forgery Bypass
Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker Attack Surface
AJAX Handlers 2
WordPress Hooks 74
Maintenance & Trust
Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker Maintenance & Trust
Maintenance Signals
Community Trust
Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker Alternatives
FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration
fluent-boards
The Simplest Project & Task Management Plugin Specifically Crafted for Agencies, Freelancers & Founders.
LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart
lazytasks-project-task-management
Comprehensive Task Management, FREE! Minimalist design with powerful features to boost your productivity.
GemBoards – Project Management, Task Management, Sprint Planning, Team Collaboration, and Kanban board Plugin
gemboards
GemBoards is a project and task management plugin that helps teams manage projects, Kanban boards, and sprint workflows from one place.
QuickTasker
quicktasker
Task management plugin designed to help you organize your projects, streamline workflows, and get tasks done efficiently.
Taskbuilder – Project Management & Task Management Tool With Kanban Board
taskbuilder
Taskbuilder is a project management and task management plugin for WordPress with Kanban-style boards to organize and track work.
Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker Developer Profile
20 plugins · 113K total installs
How We Detect Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wedevs-project-manager/views/assets/css/pm-styles.css/wp-content/plugins/wedevs-project-manager/views/assets/css/pm-pro-styles.css/wp-content/plugins/wedevs-project-manager/views/assets/js/pm-config.js/wp-content/plugins/wedevs-project-manager/views/assets/js/pm-scripts.jswedevs-project-manager/views/assets/css/pm-styles.css?ver=wedevs-project-manager/views/assets/css/pm-pro-styles.css?ver=wedevs-project-manager/views/assets/js/pm-config.js?ver=wedevs-project-manager/views/assets/js/pm-scripts.js?ver=HTML / DOM Fingerprints
pm-upload-pickfilespm-upload-containerdata-nonce="wp_rest"data-nonce="pm_nonce"data-base_urldata-api_base_urldata-api_namespacedata-permalinkStructure+26 morepm_vars/wp-json/pm/v2/