A vulnerability has been found in taskbuilder Taskbuilder Plugin up to 5.0.6 on WordPress and classified as critical . Affected is an unknown function. This manipulation of the argument project_search causes sql injection. This vulnerability is registered as CVE-2026-6225 . Remote exploitation of the attack is possible. No exploit is available.