Stored Cross-Site Scripting Vulnerability in Software Issue Manager Plugin for WordPress
CVE-2025-8314

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Project Management, Bug And Issue Tracking Plugin – Software Issue Manager
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-8314?

The Software Issue Manager plugin for WordPress has a stored cross-site scripting vulnerability due to inadequate input sanitization and output escaping in the 'noaccess_msg' parameter. This flaw affects all versions up to and including 5.0.1, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary JavaScript code. The injected scripts can be executed in the context of users accessing compromised pages, posing significant security risks to their data and security.

Affected Version(s)

Project Management, Bug and Issue Tracking Plugin – Software Issue Manager * <= 5.0.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.svn.wordpress.org/software-issue-manager/...

https://wordpress.org/plugins/software-issue-manager/#dev...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Jul 29, 2025

Credit

muhammad yudha