PT-2026-20280 · WordPress · Taskbuilder – Wordpress Project Management & Task Management
Poystick
+1
·
Publicado
2026-02-18
·
Atualizado
2026-02-18
·
CVE-2026-1640
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Taskbuilder – WordPress Project Management & Task Management plugin versions prior to 5.0.3
Description
The Taskbuilder plugin for WordPress is affected by an authorization bypass issue. Insufficient authorization checks on project and task comment submission functions allow authenticated attackers with subscriber-level access or higher to create comments on any project or task, even those they are not authorized to view. Attackers can inject arbitrary HTML and CSS through the
comment body parameter via the wppm submit proj comment and wppm submit task comment AJAX actions.Recommendations
Update Taskbuilder – WordPress Project Management & Task Management plugin to version 5.0.3 or later.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Taskbuilder – Wordpress Project Management & Task Management