112 matches found
CVE-2026-1639
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sortby' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-1640
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...
WordPress Taskbuilder plugin <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters vulnerability
Authenticated Subscriber+ SQL Injection via 'order' and 'sortby' Parameters vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Taskbuilder versions = 5.0.2...
CVE-2026-1640 Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...
CVE-2026-1640
CVE-2026-1640 affects the WordPress Taskbuilder plugin (versions
CVE-2026-1640 Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...
CVE-2026-1639
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sortby' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-1639
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sortby' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-1639 Taskbuilder <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sortby' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-1639 Taskbuilder <= 5.0.2 - Authenticated (Subscriber+) SQL Injection via 'order' and 'sort_by' Parameters
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sortby' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-1639
The Taskbuilder WordPress plugin (Taskbuilder – WordPress Project Management & Task Management) is affected by a time-based blind SQL Injection in all versions up to 5.0.2, via the parameters after parsing used in the plugin’s queries (notably order and sort_by). Root cause per sources: insuffici...
PT-2026-20279
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sort by' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of...
WordPress plugin Taskbuilder – WordPress Project Management & Task Management SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-20280
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions: wppm submit proj...
WordPress plugin Taskbuilder – WordPress Project Management & Task Management 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
WordPress Taskbuilder plugin <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Project/Task Comment Creation vulnerability discovered by Tarcísio Luchesi De Almeida Silva Poystick in WordPress Plugin Taskbuilder versions = 5.0.2...
CVE-2025-67933
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through = 4.0.9...
CVE-2025-67933
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through = 4.0.9...
CVE-2025-67933 WordPress Taskbuilder plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through = 4.0.9...
CVE-2025-67933
CVE-2025-67933 is a Reflected Cross-Site Scripting issue in Taskbuilder – WordPress Project Management (Taskbuilder) with a root cause of improper input neutralization during web page generation. Affected range is Taskbuilder: from n/a through