CVE-2026-9570
Taskbuilder < 5.0.8 - Reflected XSS via Shortcode
The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Affected products
Unknown · Taskbuilderpublic PoCs found — 1
cve_referencewpscan.com/vulnerability/e9abd7eb-39f1-49d7-a70e-b07cf3680399/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →