cleantalk
Vulnerabilities and Security Researches

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager, CVE-2025-8314

CVE, Research URL

CVE-2025-8314

Home page URL

Security reports for Project Management, Bug and Issue Tracking Plugin – Software Issue Manager

Application

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager

Published on
Aug 12, 2025
Research Description
The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 5.0.1.
Status
vulnerable
Previous vulnerability researches
BuddyPress XProfile Custom Image Field (CVE-2025-48158) , Aug 04, 2025
New vulnerability
RentSyst – CRM solution for fleet management (CVE-2025-48152) , Aug 12, 2025
Mosaic Generator (CVE-2025-8621) , Aug 12, 2025
B Slider – Slider for your block editor (CVE-2025-8418) , Aug 12, 2025
AnWP Football Leagues (CVE-2025-8767) , Aug 12, 2025
User Language Switch (CVE-2025-49064) , Aug 12, 2025