CVE-2026-12133
Summary: The JoomSport – for Sports: Team & League, Football & more plugin for WordPress (up to version 5.7.8) is vulnerable to Missing Authorization to Arbitrary Group Deletion via the joomsport_season_groupdel() AJAX handler. The issue arises from a missing capability check; the handler only ve...