Lucene search
+L

130 matches found

nvd
nvd
added 2026/07/01 5:16 a.m.9 views

CVE-2026-12110

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'tasksearch' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00328EPSS
Exploits0References11
nvd
nvd
added 2026/07/01 5:16 a.m.8 views

CVE-2026-12090

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppmprojfilter' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS0.00319EPSS
Exploits0References9
euvd
euvd
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40898

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppmprojfilter' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References9
cve
cve
added 2026/07/01 3:43 a.m.16 views

CVE-2026-12090

The Taskbuilder WordPress plugin (Taskbuilder – Project Management & Task Management Tool With Kanban Board) is affected by a generic SQL Injection via the wppm_proj_filter parameter in all versions up to 5.0.8. The root cause is insufficient escaping of the user-supplied parameter and an inadequ...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References9
cvelist
cvelist
added 2026/07/01 3:43 a.m.35 views

CVE-2026-12090 Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'wppm_proj_filter' Parameter

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppmprojfilter' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS0.00319EPSS
Exploits0References9
cvelist
cvelist
added 2026/07/01 3:43 a.m.48 views

CVE-2026-12110 Taskbuilder <= 5.0.8 - Authenticated (Subscriber+) SQL Injection via 'task_search' Parameter

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'tasksearch' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00328EPSS
Exploits0References11
cve
cve
added 2026/07/01 3:43 a.m.28 views

CVE-2026-12110

CVE-2026-12110 relates to the WordPress plugin Taskbuilder – Project Management & Task Management Tool With Kanban Board. All versions up to 5.0.8 are affected by a generic SQL Injection in the task_search parameter caused by insufficient escaping and lack of proper query preparation. This allows...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References11
euvd
euvd
added 2026/07/01 3:43 a.m.6 views

EUVD-2026-40894

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'tasksearch' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References11
nvd
nvd
added 2026/06/17 1:21 p.m.11 views

CVE-2026-9570

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...

7.1CVSS0.00146EPSS
Exploits0References1
cve
cve
added 2026/06/17 6:0 a.m.19 views

CVE-2026-9570

Summary: CVE-2026-9570 affects the Taskbuilder WordPress plugin prior to 5.0.8. The vulnerability arises because a URL parameter is not properly sanitized before being echoed into inline JavaScript on a frontend page that uses a shortcode, causing a Reflected Cross-Site Scripting (XSS) vulnerabil...

7.1CVSS5.2AI score0.00146EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/17 6:0 a.m.63 views

CVE-2026-9570 Taskbuilder < 5.0.8 - Reflected XSS via Shortcode

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...

0.00146EPSS
Exploits0References1
nvd
nvd
added 2026/06/15 9:17 p.m.10 views

CVE-2026-52697

Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...

8.5CVSS0.00339EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/15 8:19 p.m.32 views

CVE-2026-52697 WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability

Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...

8.5CVSS0.00339EPSS
Exploits0References1
euvd
euvd
added 2026/06/15 8:19 p.m.13 views

EUVD-2026-36903

Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...

8.5CVSS5.7AI score0.00339EPSS
Exploits0References1
cve
cve
added 2026/06/15 8:19 p.m.19 views

CVE-2026-52697

CVE-2026-52697 affects the WordPress Taskbuilder plugin (versions &lt;= 5.0.7). The vulnerability is an SQL Injection in the Taskbuilder component, with CVSSv3.1 metrics indicating a high-severity issue (8.5) that is network-exploitable, requires low privileges, and does not require user interact...

8.5CVSS5.7AI score0.00339EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/15 8:19 p.m.7 views

CVE-2026-52697 WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability

Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...

8.5CVSS5.7AI score0.00339EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.11 views

PT-2026-49521

Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...

8.5CVSS5.7AI score0.00339EPSS
Exploits0References2
patchstack
patchstack
added 2026/06/10 9:7 a.m.8 views

WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin Taskbuilder versions = 5.0.7...

8.5CVSS5.9AI score0.00339EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2026/05/14 10:55 a.m.16 views

WordPress Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection vulnerability

Authenticated Subscriber+ Time-Based Blind SQL Injection vulnerability discovered by Louis Deschanel JeanJeanLeHaxor - Patrowl in WordPress Plugin Taskbuilder versions = 5.0.6...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/05/14 7:16 a.m.74 views

CVE-2026-6225

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS0.00224EPSS
Exploits0References2
Rows per page
Query Builder