
Taskbuilder CVE-2026-52697

EUVD-2026-36903 · HIGH
SQL Injection (CWE-89)
2026-06-15 · Patchstack · GHSA-whmx-827p-3wxv
8.5 (CVSS 3.1) · Vendor: Patchstack

Severity by source

Vendor (Patchstack), PRIMARY: 8.5 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

vuln.today AI: 8.5 HIGH

Network-reachable WordPress endpoint, low complexity, requires a Subscriber account (PR:L); SQLi crosses scope into the shared DB yielding high confidentiality, no direct integrity, and low availability impact.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS Vector (Vendor: Patchstack)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: Low

Lifecycle Timeline

1. Analysis Generated: Jun 15, 2026 - 21:25 (vuln.today)

Description (CVE.org)

Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.

Analysis (AI)

SQL injection in the Taskbuilder WordPress plugin, versions 5.0.7 and earlier, allows authenticated Subscriber-level users to inject SQL into backend database queries, exposing sensitive data including credential hashes and causing limited integrity/availability impact on the underlying WordPress site. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 8.5, driven by a scope change to the database tier; no public exploit had been identified at the time of analysis and the issue is not on CISA KEV.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Register Subscriber account on target site
Delivery: Authenticate to WordPress
Exploit: Send crafted request to Taskbuilder endpoint
Install: Inject SQL via vulnerable parameter
C2: Exfiltrate wp_users hashes from database
Execute: Crack or replay admin credentials
Impact: Full site takeover

Vulnerability Assessment (AI)

Exploitation: Exploitation requires an authenticated WordPress account at Subscriber level or above on a site with the Taskbuilder plugin installed and active at version 5.0.7 or earlier, and the targeted Taskbuilder endpoint must be reachable by that low-privileged role. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L reflects remotely reachable, low-complexity exploitation by any authenticated Subscriber, a privilege tier that many WordPress sites grant automatically on open registration, with a scope change yielding high confidentiality impact on the database. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker registers a free Subscriber account on a WordPress site running Taskbuilder <= 5.0.7, then sends a crafted request to a vulnerable plugin endpoint with SQL payloads in a parameter that is concatenated into a backend query. The injection extracts administrator password hashes and session tokens from wp_users and wp_usermeta, which the attacker then cracks or replays to escalate to full site takeover. …

Remediation: Patch available per vendor advisory; administrators should upgrade Taskbuilder to the version above 5.0.7 published on the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/taskbuilder/vulnerability/wordpress-taskbuilder-plugin-5-0-7-sql-injection-vulnerability and verify via the WordPress plugin updater. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended Action (AI)

Within 24 hours: Audit all WordPress instances for Taskbuilder plugin installation and version. …
