CVE-2022-3137: TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload

Vendor: Unknown
Product: Taskbuilder – WordPress Project & Task Management plugin
Weakness: CWE-79 · XSS
Published: October 10, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task attachments, which could allow any authenticated user (such as a subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file.

Key dates

02 Disclosure timeline

October 10, 2022: CVE published
August 3, 2024: Record updated
