TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload
CVE-2022-3137

5.4MEDIUM

Key Information:

Vendor

Wordpress
Status
Taskbuilder – WordPress Project & Task Management Plugin
Vendor
CVE Published:
10 October 2022

What is CVE-2022-3137?

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Taskbuilder – WordPress Project & Task Management plugin 1.0.8

References

https://wpscan.com/vulnerability/524928d6-d4e9-4a2f-b410-...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rizacan Tufan
JSON
.