Taskbuilder%20%E2%80%93%20Project%20Management%20%26%20Task%20Management%20Tool%20With%20Kanban%20Board

Taskbuilder – Project Management & Task Management Tool With Kanban Board

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2026-2289

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-4.4||MEDIUM

EPSS-Not Assigned

Published-04 Mar, 2026 | 01:21

Updated-04 Mar, 2026 | 18:08

Taskbuilder <= 5.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field

The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Vendor-taskbuilder

Product-Taskbuilder – Project Management & Task Management Tool With Kanban Board

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')