Vulnerabilities > Taskbuilder
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-21 | CVE-2025-22716 | SQL Injection vulnerability in Taskbuilder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Taskbuilder Team Taskbuilder allows SQL Injection. | 8.8 |
| 2025-01-04 | CVE-2024-11930 | Cross-site Scripting vulnerability in Taskbuilder The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2022-10-10 | CVE-2022-3137 | Unspecified vulnerability in Taskbuilder The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file | 5.4 |