112 matches found
CVE-2025-22716 WordPress Taskbuilder Plugin <= 3.0.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in taskbuilder Taskbuilder taskbuilder allows SQL Injection. This issue affects Taskbuilder: from n/a through <= 3.0.6...
WordPress plugin Taskbuilder SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2025-4643 · Unknown · Taskbuilder
Name of the Vulnerable Software and Affected Versions: Taskbuilder versions 3.0.6 and earlier Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing SQL injection. This problem can pose a significant cybersecurity risk. Recommendations: F...
WordPress Taskbuilder Plugin <= 3.0.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Taskbuilder versions <= 3.0.6...
CVE-2024-11930
The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-11930 Taskbuilder – WordPress Project & Task Management plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode
The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-11930
CVE-2024-11930 affects the Taskbuilder – WordPress Project & Task Management plugin for WordPress. The vulnerability is Stored Cross‑Site Scripting via the wppm_tasks shortcode in versions up to and including 3.0.6, caused by insufficient input sanitization and output escaping on user-supplied at...
PT-2025-1717 · WordPress · The Taskbuilder
Name of the Vulnerable Software and Affected Versions: The Taskbuilder – WordPress Project & Task Management plugin versions up to, and including, 3.0.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wppm tasks shortcode due to insufficient input sanitization an...
WordPress plugin Taskbuilder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...
WordPress Taskbuilder plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wppm_tasks Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Taskbuilder versions <= 3.0.6...
WordPress Taskbuilder plugin < 3.0.5 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Ryoma Yamada in WordPress Plugin Taskbuilder versions < 3.0.5...
CVE-2024-9828
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...
CVE-2024-9828 Taskbuilder < 3.0.5 - Admin+ SQL Injection
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks...
CVE-2024-9828
CVE-2024-9828 affects the Taskbuilder WordPress plugin before 3.0.5. The root cause is failure to sanitize the load_orders input, which is used in a SQL statement, enabling high-privilege users (e.g., admins) to perform SQL Injection. The vulnerability enables partial impact because only input ha...
WordPress Taskbuilder Plugin < 3.0.5 is vulnerable to SQL Injection
Software: Taskbuilder; Type: Plugin; Vulnerable versions: < 3.0.5; Fixed in: 3.0.5; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-9828; Patch priority: Low; CVSS severity: Low 7.6; PSID: 2a9c798f6792; Credits: Ryoma Yamada; Required privilege: Administrator; Published ...
WordPress plugin Taskbuilder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-39870
Name of the Vulnerable Software and Affected Versions: The Taskbuilder WordPress plugin versions prior to 3.0.5 Description: The issue allows high privilege users, such as admins, to perform SQL Injection attacks due to the lack of sanitization of user input into the load orders parameter, which is...