The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Taskbuilder |
|
| Wordpress |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
| Taskbuilder |
|
| Wordpress |
|
References
History
Wed, 17 Jun 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Taskbuilder
Taskbuilder taskbuilder Wordpress Wordpress wordpress |
|
| Vendors & Products |
Taskbuilder
Taskbuilder taskbuilder Wordpress Wordpress wordpress |
Wed, 17 Jun 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user. | |
| Title | Taskbuilder < 5.0.8 - Reflected XSS via Shortcode | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-06-17T06:00:02.733Z
Reserved: 2026-05-26T11:19:25.354Z
Link: CVE-2026-9570
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-17T09:00:06Z