CVE-2026-1640 | Taskbuilder Plugin up to 5.0.2 on WordPress Private Project wppm_submit_proj_comment/wppm_submit_task_comment comment_body authorization

A vulnerability categorized as critical has been discovered in Taskbuilder Plugin up to 5.0.2 on WordPress. Impacted is the function wppm_submit_proj_comment/wppm_submit_task_comment of the component Private Project Handler. Such manipulation of the argument comment_body leads to missing authorization.

This vulnerability is referenced as CVE-2026-1640. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More