GCVE - cpe:2.3:a:emarket-design:project_management,_bug_and_issue_tracking_plugin_–_software_issue

Approved changes feed: RSS · Atom

cpe:2.3:a:emarket-design:project_management,_bug_and_issue_tracking_plugin_–_software_issue_manager:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Emarket Design (`8fb61feb-3a38-520b-9ec4-c08f2531594e`)
Product	Project Management, Bug And Issue Tracking Plugin – Software Issue Manager (`4dbb8b5e-0767-5186-8fc8-c4b076e735f0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-8420`	vulnerable	2026-06-03 15:13:43.577645	Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution HIGH (8.1) Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called Published: 2025-08-06T02:24:12.120Z Updated: 2026-04-08T16:56:28.904Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3340992%40software-issue-manager&new=3340992%40software-issue-manager&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3341064%40wp-ticket&new=3341064%40wp-ticket&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset/3346435/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8314`	vulnerable	2026-06-03 15:13:43.374070	Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter MEDIUM (6.4) The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2025-08-12T04:25:41.252Z Updated: 2026-04-08T16:48:06.032Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/3ef87ab8-d56b-4d3a-b4fc-6c17c24143ec?source=cve https://plugins.svn.wordpress.org/software-issue-manager/tags/5.0.0/includes/emd-form-builder-lite/emd-form-frontend.php https://wordpress.org/plugins/software-issue-manager/#developers https://plugins.trac.wordpress.org/changeset/3341018/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Project Management, Bug And Issue Tracking Plugin – Software Issue Manager

PURL mappings

Vulnerability references

Contribute