Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Task Manager Plugin for WordPress: Unauthorized File Access on All Versions up to 3.0.2
CVE-2026-2351
Summary
The Task Manager plugin for WordPress can allow an attacker with a subscriber account or higher to read sensitive files on the server. This could lead to the exposure of confidential information. Update the plugin to a version later than 3.0.2 to fix this issue.
Original title
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callback_get_text_from_url() function. This makes it possible for auth...
Original description
The Task Manager plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.0.2 via the callback_get_text_from_url() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
nvd CVSS3.1
6.5
Vulnerability type
CWE-73
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026