Vulnerabilities and security researches fortask-scheduler task-scheduler

Jun 07, 2024

Apr 13, 2025

CVE, Research URL: CVE-2025-32599
Home page URL: Security reports for Task Scheduler
Application: Task Scheduler
Date: Apr 11, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miunosoft Task Scheduler allows Reflected XSS. This issue affects Task Scheduler: from n/a through 1.6.3.
Affected versions: max 1.6.3.
Status: vulnerable

Nov 10, 2025

CVE, Research URL: CVE-2025-10056
Home page URL: Security reports for Task Scheduler
Application: Task Scheduler
Date: Oct 15, 2025
Research Description: The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions: max 1.6.3.
Status: vulnerable