CVE-2026-2351

Published: Mar 21, 2026 Last Modified: Mar 21, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callback_get_text_from_url() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

73

External Control of File Name or Path

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Read Files Or Directories Modify Files Or Directories Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Other)
Applicable Platforms
Operating Systems: Unix, Windows, macOS
Likelihood of Exploit: High
View CWE Details
https://plugins.trac.wordpress.org/browser/task-manager/tag…
https://plugins.trac.wordpress.org/browser/task-manager/tags/3.0.2/module/impor…
https://plugins.trac.wordpress.org/browser/task-manager/tru…
https://plugins.trac.wordpress.org/browser/task-manager/trunk/module/import/act…
https://wordpress.org/plugins/task-manager/
https://wordpress.org/plugins/task-manager/
https://www.wordfence.com/threat-intel/vulnerabilities/id/c…
https://www.wordfence.com/threat-intel/vulnerabilities/id/cd959968-d3f0-4546-8f…