382 matches found
PT-2025-26209 · WordPress · Football-Pool
Name of the Vulnerable Software and Affected Versions: Football Pool plugin for WordPress versions up to, and including, 2.12.4 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2024-8917
The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...
CVE-2024-29802
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3...
CVE-2024-43139
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.9...
CVE-2024-43130
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.10...
CVE-2025-30764
Cross-Site Request Forgery CSRF vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery.This issue affects Football Pool: from n/a through = 2.12.2...
CVE-2025-30764
Cross-Site Request Forgery CSRF vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery.This issue affects Football Pool: from n/a through = 2.12.2...
CVE-2025-30764 WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery CSRF vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery.This issue affects Football Pool: from n/a through = 2.12.2...
CVE-2025-30764
CVE-2025-30764 is a CSRF to settings update vulnerability in the Football Pool WordPress plugin. Affected product: Football Pool (WordPress) up to version 2.12.2 (initial description states from n/a through 2.12.2). The connected document confirms the issue as Cross-Site Request Forgery to Settin...
CVE-2025-30764 WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery CSRF vulnerability in AntoineH Football Pool football-pool allows Cross Site Request Forgery.This issue affects Football Pool: from n/a through = 2.12.2...
WordPress plugin Football Pool 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Football Pool versions = 2.12.2...
football-aktuell.de Cross Site Scripting vulnerability OBB-4037249
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-8917
The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...
CVE-2024-8917
The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...
WordPress plugin AnWP Football Leagues 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...
CVE-2024-8917 AnWP Football Leagues <= 0.16.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an...
CVE-2024-8917
CVE-2024-8917 affects the WordPress plugin AnWP Football Leagues. It enables a Stored XSS via SVG file uploads in all versions up to and including 0.16.7 due to insufficient input sanitization and output escaping. Exploitation requires Author-level access or higher . A patch exists: upgrade to ve...
WordPress AnWP Football Leagues plugin <= 0.16.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin AnWP Football Leagues versions = 0.16.7...
WordPress AnWP Football Leagues Plugin <= 0.16.7 is vulnerable to Cross Site Scripting (XSS)
Software AnWP Football Leagues Type Plugin Vulnerable versions = 0.16.7 Fixed in 0.16.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8917 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1862a8d1a35e Credits Francesco Carluc...