Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4
CVE-2024-11930
- EPSS 0.3%
- Veröffentlicht 04.01.2025 09:15:05
- Zuletzt bearbeitet 25.02.2025 22:45:14
The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization an...
4.1
CVE-2024-9828
- EPSS 0.5%
- Veröffentlicht 21.11.2024 11:15:38
- Zuletzt bearbeitet 09.01.2026 21:16:10
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks
5.4
CVE-2022-3137
- EPSS 0.47%
- Veröffentlicht 10.10.2022 21:15:11
- Zuletzt bearbeitet 21.11.2024 07:18:54
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file