CVE Catalog

CVE-2026-9570

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitize a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user.

Risk Assessment

The organization may be exposed to XSS attacks, which could lead to the theft of user session data and other sensitive information.

Recommendation

It is recommended to update the Taskbuilder plugin to version 5.0.8 or later to mitigate this vulnerability.

Original NVD description (English source)

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS