Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 17 Jun 2026 11:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Wed, 17 Jun 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Taskbuilder
Taskbuilder taskbuilder Wordpress Wordpress wordpress |
|
| Vendors & Products |
Taskbuilder
Taskbuilder taskbuilder Wordpress Wordpress wordpress |
Wed, 17 Jun 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user. | |
| Title | Taskbuilder < 5.0.8 - Reflected XSS via Shortcode | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-06-17T10:45:44.908Z
Reserved: 2026-05-26T11:19:25.354Z
Link: CVE-2026-9570
Updated: 2026-06-17T10:45:40.607Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-18T14:15:06Z