PT-2026-40888 · WordPress · Taskbuilder – Project Management & Task Management Tool With Kanban Board
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress versions prior to 5.0.7
Description
An issue exists where authenticated attackers with Subscriber-level access and above can perform time-based blind SQL Injection. This occurs due to insufficient escaping of the user-supplied
project search parameter and a lack of proper preparation of the SQL query. This allows attackers to append additional SQL queries to extract sensitive information from the database.Recommendations
Update the plugin to a version later than 5.0.6.
As a temporary workaround, restrict access to the
project search parameter to minimize the risk of exploitation.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Taskbuilder – Project Management & Task Management Tool With Kanban Board