122 matches found
CVE-2026-9570
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...
CVE-2026-9570
Summary: CVE-2026-9570 affects the Taskbuilder WordPress plugin prior to 5.0.8. The vulnerability arises because a URL parameter is not properly sanitized before being echoed into inline JavaScript on a frontend page that uses a shortcode, causing a Reflected Cross-Site Scripting (XSS) vulnerabil...
CVE-2026-9570 Taskbuilder < 5.0.8 - Reflected XSS via Shortcode
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...
CVE-2026-52697
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
CVE-2026-52697 WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
CVE-2026-52697
CVE-2026-52697 affects the WordPress Taskbuilder plugin (versions <= 5.0.7). The vulnerability is an SQL Injection in the Taskbuilder component, with CVSSv3.1 metrics indicating a high-severity issue (8.5) that is network-exploitable, requires low privileges, and does not require user interact...
CVE-2026-52697 WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
EUVD-2026-36903
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
PT-2026-49521
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by VanTastic in WordPress Plugin Taskbuilder versions = 5.0.7...
WordPress Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection vulnerability
Authenticated Subscriber+ Time-Based Blind SQL Injection vulnerability discovered by Louis Deschanel JeanJeanLeHaxor - Patrowl in WordPress Plugin Taskbuilder versions = 5.0.6...
CVE-2026-6225
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-6225
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-6225 Taskbuilder – Project Management & Task Management Tool With Kanban Board <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection via 'project_search' Parameter
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-6225 Taskbuilder – Project Management & Task Management Tool With Kanban Board <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection via 'project_search' Parameter
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-6225
The CVE concerns the WordPress plugin Taskbuilder – Project Management & Task Management Tool With Kanban Board . It is vulnerable to a time-based blind SQL Injection via the 'project_search' parameter in all versions up to and including 5.0.6 , caused by insufficient escaping and inadequate prep...
EUVD-2026-30251
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'projectsearch' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...
PT-2026-40888
The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'project search' parameter in all versions up to, and including, 5.0.6 due to insufficient escaping on the user supplied parameter and lack of...
WordPress plugin Taskbuilder SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-2289
The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...