CVE-2022-3137

Name of the Vulnerable Software and Affected Versions Taskbuilder WordPress plugin versions prior to 1.0.8

Description The issue allows any authenticated user to perform Stored Cross-Site Scripting by attaching a malicious SVG file to a task, due to the lack of validation and sanitization of task attachments.

Recommendations For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue. As a temporary workaround, consider restricting the ability to attach files to tasks or disabling the attachment feature until the update is applied.