
45 matches found

OSV
added 2024/11/21 11:15 a.m., 0 views

CVE-2024-9828

The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'loadorders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...

CVSS 4.1, AI score 5.8
Exploits: 0, References: 1

Positive Technologies
added 2024/11/21 12:0 a.m., 2 views

PT-2024-39870

Name of the Vulnerable Software and Affected Versions: The Taskbuilder WordPress plugin versions prior to 3.0.5

Description: The issue allows high privilege users, such as admins, to perform SQL Injection attacks due to the lack of sanitization of user input into the load orders parameter, which is...

CVSS 4.1, AI score 7.2, EPSS 0.00153
Exploits: 1, References: 4

ATTACKERKB
added 2022/10/10 9:15 p.m., 2 views

CVE-2022-3137

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

CVSS 5.4, AI score 6, EPSS 0.0022
Exploits: 2, References: 2

OSV
added 2022/10/10 9:15 p.m., 1 views

CVE-2022-3137

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 1

Cvelist
added 2022/10/10 12:0 a.m., 13 views

CVE-2022-3137 TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

AI score 5.5, EPSS 0.0022
Exploits: 2, References: 1