CVE-2024-11930

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Jan 4, 2025
CWE ID 79

Summary

CVE-2024-11930: The WordPress Taskbuilder plugin, used for project and task management, is found to have a Stored Cross-Site Scripting (XSS) vulnerability. This issue affects versions up to and including 3.0.6 of the plugin. Attackers with contributor-level access or higher can exploit this vulnerability by injecting malicious scripts into the wppm_tasks shortcode. Once inserted, these scripts will execute whenever an affected user visits an injected page, potentially leading to significant security risks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share