WP Admin Todo List Security & Risk Analysis
wordpress.org/plugins/wp-admin-todo-listWP Admin Todo List helps you to keep list of the tasks in admin panel. It is helpful tool for developers, administrators and users as well.
Is WP Admin Todo List Safe to Use in 2026?
Generally Safe
Score 85/100WP Admin Todo List has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wp-admin-todo-list v1.4 plugin presents a concerning security posture due to several critical vulnerabilities identified in its static analysis. A significant attack surface is exposed with two AJAX handlers, both of which lack authentication checks, making them prime targets for unauthorized access and manipulation. Furthermore, the plugin fails to implement any output escaping, meaning that any data processed or displayed could be vulnerable to cross-site scripting (XSS) attacks. The presence of the `unserialize` function is a serious concern, as it can lead to remote code execution if an attacker can control the serialized data. While the plugin has no recorded vulnerability history, this does not negate the severe risks identified in its current codebase. The absence of nonce checks and capability checks further exacerbates these vulnerabilities, leaving the plugin highly susceptible to exploitation. The plugin's use of prepared statements for SQL queries is a positive aspect, but it is overshadowed by the more critical issues.
Key Concerns
- AJAX handlers without auth checks
- Dangerous function: unserialize
- Output escaping: 0% properly escaped
- Missing nonce checks
- Missing capability checks
- Taint flows with unsanitized paths
WP Admin Todo List Security Vulnerabilities
WP Admin Todo List Release Timeline
WP Admin Todo List Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
WP Admin Todo List Attack Surface
AJAX Handlers 2
WordPress Hooks 3
Maintenance & Trust
WP Admin Todo List Maintenance & Trust
Maintenance Signals
Community Trust
WP Admin Todo List Alternatives
Dashboard To-Do List
dashboard-to-do-list
A dashboard to-do list widget with the option to show the to-do list on the website. This is a great tool for web developers building a new website.
Todo for BuddyPress & BuddyBoss
bp-user-to-do-list
Transform your BuddyPress or BuddyBoss community into a powerful task management platform. Members can create personal todos, collaborate on group tas …
Sortable Dashboard To-Do List
sortable-dashboard-to-do-list
Adds a sortable to-do list widget to your WP dashboard. Useful for developers, content writers, and team tasks. Easily assign tasks to other users.
Awesome Project Manager
awesome-project-manager
A Single Page(SPA) WordPress project management plugin in WordPress plugin repository. Built with cutting edge technologies like VueJs.
Simple Todo List
simple-todo-list
The missing todo list dashboard widget for WordPress.
WP Admin Todo List Developer Profile
1 plugin · 20 total installs
How We Detect WP Admin Todo List
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-admin-todo-list/js/wp-admin-todo-list.jsjquery-ui-corejquery-ui-dialogjquery-ui-sortablejquery-ui-draggablejquery-ui-droppableHTML / DOM Fingerprints
sm_at_div_wrappersm_at_statussm_at_textarea_divsm_at_textarea_div_inputsm_delete_tododraggable_handlesm_at_todo_main_blockslidetoggle-buttoncheck and remove empty fields, then pass data to savefunction saves data passed in array format.detect enterdetect backspace+7 moreonclick="return show_todo(this);"id="sm_at_textarea_div"contenteditableXXonkeyup=""oninput="return sm_at_process_textarea(this,event);"onkeyup="return check_key(event, this);"+9 moreshow_todosm_at_todo_main_block_cookiesm_at_process_textareasettimesm_at_remove_emptysm_at_save_data+4 more/wp-admin/admin-ajax.php