PatchSiren cyber security CVE debrief
CVE-2026-52697 Taskbuilder CVE debrief
CVE-2026-52697 is a HIGH-severity vulnerability in the Taskbuilder plugin, affecting versions up to 5.0.7. The issue is a Subscriber SQL Injection vulnerability. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.5. The CVE was published on 2026-06-15T21:17:24.377Z and last modified on 2026-06-15T21:24:32.790Z.
- Vendor
- Taskbuilder
- Product
- Unknown
- CVSS
- HIGH 8.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the Taskbuilder plugin, particularly those using versions up to 5.0.7, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is a Subscriber SQL Injection issue in the Taskbuilder plugin. This type of vulnerability allows an attacker to inject malicious SQL code, potentially leading to unauthorized access or modification of sensitive data.
Defensive priority
HIGH
Recommended defensive actions
- Update the Taskbuilder plugin to a version that is not vulnerable (if available).
- Implement additional security measures to protect against SQL injection attacks, such as input validation and sanitization.
- Monitor the plugin's official website or security advisories for updates on patches or mitigations.
Evidence notes
The CVE-2026-52697 details were obtained from the National Vulnerability Database (NVD) and Patchstack. [ref-4](https://patchstack.com/database/wordpress/plugin/taskbuilder/vulnerability/wordpress-taskbuilder-plugin-5-0-7-sql-injection-vulnerability?_s_id=cve) provides additional information on the vulnerability.
Official resources
-
CVE-2026-52697 CVE record
CVE.org
-
CVE-2026-52697 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-52697 was disclosed on 2026-06-15T21:17:24.377Z.