cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11930,https://securityvulnerability.io/vulnerability/CVE-2024-11930,Stored Cross-Site Scripting in Taskbuilder Plugin for WordPress,"The Taskbuilder Plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient input sanitization and output escaping on user-supplied attributes within the plugin's wppm_tasks shortcode. This vulnerability affects all versions up to and including 3.0.6, allowing authenticated attackers with contributor-level access or higher to inject arbitrary web scripts. Such scripts can be executed whenever a user accesses a compromised page, potentially leading to unauthorized actions and data exposure. Proper security measures and updates are critical in mitigating these risks.",Wordpress,Taskbuilder – WordPress Project & Task Management Plugin,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,false,false,false,2025-01-04T08:22:52.348Z,0
CVE-2022-3137,https://securityvulnerability.io/vulnerability/CVE-2022-3137,TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload,"The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file",Wordpress,Taskbuilder – WordPress Project & Task Management Plugin,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-10-10T00:00:00.000Z,0