WP Project Manager
SECURITY BUG: Project manager comments feed into "recent comments" list (3 posts)

  1. ArcherTC
    Posted 3 years ago #

    In a theme with Simple Recent Comments plugin baked in, the following occurs: the comments from Project Manager show up as comments from users on the site's frontend.

    While the backend comments do not show up in full on the frontend of the site, the following does:

    - the person who made the comment
    - the name of the entry to which the comment was made (with subfolder structure revealed for message, task)
    - a link to the comment (which thankfully generates a 404 message on click, but still!)

    Suggested fixes?


  2. Native Imaging
    Posted 2 years ago #

    Yes, I also noticed that the comments are showing up on the front end Recent Comments widget which also means that these are generating RSS feeds as well..

    It's very important that these projects are managed privately with the site admins/editors and contributors...

    Other than that, I really do like this plugin, and hope to see further development or a Pro version license, but this MUST be resolved prior to that.

    Thank You :)

  3. WPyogi
    Forum Moderator
    Posted 2 years ago #

    @Native Imaging - please start your own thread per:


    If you have a security issue, please see:


Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WP Project Manager
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.