Unrated severityNVD Advisory· Published Nov 21, 2024· Updated Jan 9, 2026
Taskbuilder < 3.0.5 - Admin+ SQL Injection
CVE-2024-9828
Description
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.0.5
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/eb2d0932-fd47-4aef-9d08-4377c742bb6e/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.