cleantalk
Vulnerabilities and Security Researches

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager, CVE-2025-8314

CVE, Research URL

CVE-2025-8314

Home page URL

Security reports for Project Management, Bug and Issue Tracking Plugin – Software Issue Manager

Application

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager

Published on
Aug 12, 2025
Research Description
The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 5.0.1.
Status
vulnerable
Previous vulnerability researches
Giveaway Boost (CVE-2024-49332) , Oct 20, 2024
Giveaways and Contests by PromoSimple (CVE-2025-23934) , Jan 18, 2025
WPExperts Square For GiveWP (CVE-2024-13713) , Feb 22, 2025
WPExperts Square For GiveWP (CVE-2024-47338) , Sep 30, 2024
Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more (CVE-2024-11898) , Dec 06, 2024
New vulnerability
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2025-54028) , Aug 13, 2025
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks (CVE-2025-54007) , Aug 13, 2025
WooCommerce Purchase Orders (CVE-2025-5391) , Aug 13, 2025
RentSyst – CRM solution for fleet management (CVE-2025-48152) , Aug 12, 2025
Mosaic Generator (CVE-2025-8621) , Aug 12, 2025