Does Wired Impact Volunteer Management have any unpatched vulnerabilities?

No. All known vulnerabilities in Wired Impact Volunteer Management have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Wired Impact Volunteer Management compatible with WordPress 6.9.4?

According to WordPress.org data, Wired Impact Volunteer Management 2.8.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Wired Impact Volunteer Management compatible with PHP 5.2.4+?

Wired Impact Volunteer Management requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Wired Impact Volunteer Management updated?

Wired Impact Volunteer Management was last updated on Jan 21, 2026. Frequent updates are generally a positive security signal.

What is Wired Impact Volunteer Management's security score?

Wired Impact Volunteer Management has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Wired Impact Volunteer Management Security & Risk Analysis

wordpress.org/plugins/wired-impact-volunteer-management

A free, easy way to manage your nonprofit's volunteers.

1K active installs v2.8.1 PHP 5.2.4+ WP 6.3+ Updated Jan 21, 2026

non-profitsnonprofitsnot-for-profitvolunteervolunteers

A · Safe

CVEs total2

Unpatched0

Last CVEJan 24, 2026

Plugin page Download

Safety Verdict

Is Wired Impact Volunteer Management Safe to Use in 2026?

Generally Safe

Score 98/100

Wired Impact Volunteer Management has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jan 24, 2026Updated 2mo ago

Risk Assessment

The wired-impact-volunteer-management plugin v2.8.1 presents a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and a significant number of capability checks, there are notable areas of concern. The presence of five AJAX handlers without authentication checks creates a substantial attack surface that could be exploited by unauthenticated users. The fact that 39% of output is not properly escaped also raises concerns about potential Cross-Site Scripting (XSS) vulnerabilities, even though no critical or high severity taint flows were detected in the static analysis.

The vulnerability history shows two known medium-severity CVEs, with common types being Missing Authorization and Cross-Site Scripting. While there are currently no unpatched vulnerabilities, the historical pattern of these specific vulnerability types, combined with the statically identified lack of authentication on AJAX handlers, suggests a recurring weakness in input validation and access control. The plugin's last recorded vulnerability was in 2026, which is likely a future date and may indicate an error in the data or an issue with the reporting mechanism.

Overall, the plugin has some solid security foundations but requires immediate attention to address the unprotected AJAX endpoints and improve output escaping. The historical vulnerability data reinforces the need for rigorous security audits focused on authorization and XSS prevention. Addressing these specific points will significantly improve the plugin's security.

Key Concerns

5 AJAX handlers without auth checks
Only 61% of output properly escaped
2 known medium severity CVEs historically

Vulnerabilities

Wired Impact Volunteer Management Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2026-24997medium · 5.3Missing Authorization

Wired Impact Volunteer Management <= 2.8 - Missing Authorization

Jan 24, 2026 Patched in 2.8.1 (10d)

CVE-2025-26980medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Wired Impact Volunteer Management <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 23, 2025 Patched in 2.5.1 (9d)

Code Analysis

Analyzed Mar 16, 2026

Wired Impact Volunteer Management Code Analysis

Dangerous Functions

Raw SQL Queries

17 prepared

Unescaped Output

148 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

94% prepared18 total queries

Output Escaping

61% escaped242 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

remove_user_opp_rsvp (admin\class-admin.php:1137)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

Wired Impact Volunteer Management Attack Surface

Entry Points7

Unprotected5

AJAX Handlers 5

authwp_ajax_wivm_remove_rsvpincludes\class-wi-volunteer-management.php:223

authwp_ajax_wivm_hide_noticeincludes\class-wi-volunteer-management.php:227

authwp_ajax_wivm_process_emailincludes\class-wi-volunteer-management.php:228

authwp_ajax_wivm_sign_upincludes\class-wi-volunteer-management.php:252

noprivwp_ajax_wivm_sign_upincludes\class-wi-volunteer-management.php:253

Shortcodes 2

[one_time_volunteer_opps] includes\class-wi-volunteer-management.php:247

[flexible_volunteer_opps] includes\class-wi-volunteer-management.php:248

WordPress Hooks 47

filterrequestadmin\class-admin.php:1106

filtergform_validationincludes\class-gravity-forms-feed-addon.php:89

filterwivm_search_and_replace_textincludes\class-gravity-forms.php:323

actioninitincludes\class-wi-volunteer-management.php:191

actionplugins_loadedincludes\class-wi-volunteer-management.php:205

actionadmin_enqueue_scriptsincludes\class-wi-volunteer-management.php:206

actionadmin_enqueue_scriptsincludes\class-wi-volunteer-management.php:207

actionadmin_menuincludes\class-wi-volunteer-management.php:208

actionadmin_initincludes\class-wi-volunteer-management.php:209

actionedit_form_after_editorincludes\class-wi-volunteer-management.php:210

actionadd_meta_boxesincludes\class-wi-volunteer-management.php:211

actionsave_postincludes\class-wi-volunteer-management.php:212

actionshow_user_profileincludes\class-wi-volunteer-management.php:213

actionedit_user_profileincludes\class-wi-volunteer-management.php:214

actionpersonal_options_updateincludes\class-wi-volunteer-management.php:215

actionedit_user_profile_updateincludes\class-wi-volunteer-management.php:216

filtermanage_edit-volunteer_opp_columnsincludes\class-wi-volunteer-management.php:217

filtermanage_edit-volunteer_opp_sortable_columnsincludes\class-wi-volunteer-management.php:218

actionmanage_volunteer_opp_posts_custom_columnincludes\class-wi-volunteer-management.php:219

filterparse_queryincludes\class-wi-volunteer-management.php:220

actionviews_edit-volunteer_oppincludes\class-wi-volunteer-management.php:221

actionload-edit.phpincludes\class-wi-volunteer-management.php:222

actionsave_postincludes\class-wi-volunteer-management.php:224

actiondelete_userincludes\class-wi-volunteer-management.php:225

actionadmin_noticesincludes\class-wi-volunteer-management.php:226

actionwp_enqueue_scriptsincludes\class-wi-volunteer-management.php:242

actionwp_headincludes\class-wi-volunteer-management.php:243

actionwp_enqueue_scriptsincludes\class-wi-volunteer-management.php:244

actioninitincludes\class-wi-volunteer-management.php:245

actioninitincludes\class-wi-volunteer-management.php:246

filterwp_trim_wordsincludes\class-wi-volunteer-management.php:249

filterexcerpt_moreincludes\class-wi-volunteer-management.php:250

filterthe_contentincludes\class-wi-volunteer-management.php:251

actionsend_auto_email_remindersincludes\class-wi-volunteer-management.php:254

actionwidgets_initincludes\class-wi-volunteer-management.php:255

filterwivm_form_type_setting_optionsincludes\class-wi-volunteer-management.php:262

actionwivm_display_defaults_settingsincludes\class-wi-volunteer-management.php:263

actionwivm_after_opportunity_detail_meta_fieldsincludes\class-wi-volunteer-management.php:264

actionwivm_save_volunteer_opp_metaincludes\class-wi-volunteer-management.php:265

filterwivm_volunteer_opp_metaincludes\class-wi-volunteer-management.php:266

actionwivm_show_volunteer_sign_up_formincludes\class-wi-volunteer-management.php:267

actionwp_enqueue_scriptsincludes\class-wi-volunteer-management.php:268

actiongform_loadedincludes\class-wi-volunteer-management.php:269

filtergform_custom_merge_tagsincludes\class-wi-volunteer-management.php:270

filtergform_replace_merge_tagsincludes\class-wi-volunteer-management.php:271

filterwivm_show_volunteer_opp_meta_boxesincludes\class-wi-volunteer-management.php:272

actionwpmu_new_blogwivm.php:69

Maintenance & Trust

Wired Impact Volunteer Management Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 21, 2026

PHP min version5.2.4

Downloads58K

Community Trust

Rating96/100

Number of ratings24

Active installs1K

Alternatives

Wired Impact Volunteer Management Alternatives

Volunteer Sign Up Sheets

pta-volunteer-sign-up-sheets

Easily create and manage sign-up sheets for activities and events, while protecting the privacy of the volunteers' personal information.

1K 1 CVE

Nonprofit Board Management

nonprofit-board-management

100

A simple, free way to manage your nonprofit’s board.

100 No CVEs

Sign-up List

sign-up-list

Publish a sign-up list to rally up volunteers, event guests, participants and the likes. Show people who's on the list and let them sign up.

0 No CVEs

Donorbox – Free Recurring Donation Plugin and Fundraising Platform

donorbox-donation-form

Donorbox is a powerful and secure donation management plugin for WordPress. We are the only donation plugin for WordPress that offers a fast feature-f …

9K 2 CVEs

Sign-up Sheets

sign-up-sheets

Create online sign-up sheets for volunteers, events, and group scheduling.

1K 9 CVEs

Developer Profile

Wired Impact Volunteer Management Developer Profile

Wired Impact

2 plugins · 1K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

10 days

View full developer profile

Detection Fingerprints

How We Detect Wired Impact Volunteer Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wired-impact-volunteer-management/admin/css/jquery-ui.css/wp-content/plugins/wired-impact-volunteer-management/admin/css/admin.css/wp-content/plugins/wired-impact-volunteer-management/admin/js/jquery-ui-timepicker.js/wp-content/plugins/wired-impact-volunteer-management/admin/js/admin.js

Version Parameters

wired-impact-volunteer-management/admin/css/jquery-ui.css?ver=wired-impact-volunteer-management/admin/css/admin.css?ver=wired-impact-volunteer-management/admin/js/jquery-ui-timepicker.js?ver=wired-impact-volunteer-management/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wivm-admin-form

HTML Comments

+11 more

Data Attributes

data-wivm-actiondata-wivm-iddata-wivm-opportunity-iddata-wivm-nonce

JS Globals

wivm_ajax_object

FAQ