Lucene search
+L

32 matches found

cve
cve
added 2026/04/08 6:43 a.m.37 views

CVE-2026-4871

The Sports Club Management WordPress plugin (affected: versions up to and including 1.12.9) is vulnerable to Stored Cross-Site Scripting via the scm_member_data shortcode’s before/after attributes. Root cause: insufficient input sanitization and output escaping, enabling authenticated attackers w...

6.4CVSS6.1AI score0.00181EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/08 6:43 a.m.26 views

CVE-2026-4871 Sports Club Management <= 1.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' Attribute

The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' attributes of the scmmemberdata shortcode in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00181EPSS
Exploits0References3
patchstack
patchstack
added 2026/04/08 1:54 a.m.6 views

WordPress Sports Club Management plugin <= 1.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'before' Attribute vulnerability discovered by zaim in WordPress Plugin Sports Club Management versions = 1.12.9...

6.4CVSS5.9AI score0.00181EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/04/08 12:0 a.m.10 views

WordPress plugin Sports Club Management 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.7AI score0.00181EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/09 9:6 a.m.8 views

CVE-2024-34824

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20...

6.3CVSS6.9AI score0.00246EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/11/26 4:56 p.m.8 views

CVE-2025-13422

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...

9.8CVSS7AI score0.00394EPSS
Exploits1References1
osv
osv
added 2025/11/20 12:15 a.m.3 views

CVE-2025-13422

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...

9.8CVSS5.8AI score0.00394EPSS
Exploits1References4
cnnvd
cnnvd
added 2025/11/20 12:0 a.m.6 views

Sports Club Management System in php SQL注入漏洞

Sports Club Management System in php is a sports club management system by Darkseid Personal Developer. A SQL injection vulnerability exists in Sports Club Management System in php version 1.0, which stems from an incorrect manipulation of the parameter loginid in the file...

9.8CVSS7.7AI score0.00394EPSS
Exploits1References5
cvelist
cvelist
added 2025/11/19 11:32 p.m.18 views

CVE-2025-13422 freeprojectscodes Sports Club Management System change_s_pwd.php sql injection

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...

7.5CVSS0.00394EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/11/19 11:32 p.m.4 views

CVE-2025-13422 freeprojectscodes Sports Club Management System change_s_pwd.php sql injection

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...

7.5CVSS7.3AI score0.00394EPSS
Exploits1References4
cve
cve
added 2025/11/19 11:32 p.m.24 views

CVE-2025-13422

CVE-2025-13422 affects freeprojectscodes Sports Club Management System 1.0. The vulnerable element is an unknown function in /dashboard/admin/change_s_pwd.php where manipulating the login_id parameter triggers SQL injection. The vulnerability is remotely exploitable and the exploit is public. Doc...

9.8CVSS6.8AI score0.00394EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2025/11/19 12:0 a.m.9 views

PT-2025-47540

Name of the Vulnerable Software and Affected Versions freeprojectscodes Sports Club Management System version 1.0 Description A flaw exists in freeprojectscodes Sports Club Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...

7.5CVSS7.5AI score0.00394EPSS
Exploits1References7
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-35089

Malicious code in bioql PyPI...

6.3CVSS6.4AI score0.00246EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-51395

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00481EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2025/08/28 12:0 a.m.7 views

PT-2025-35154

Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A SQL injection issue exists due to the manipulation of the User argument in the file /login.php. This can be initiated remotely. The exploit has been publicly disclosed...

9.8CVSS7.4AI score0.00387EPSS
Exploits1References11
redhatcve
redhatcve
added 2025/05/22 11:37 p.m.3 views

CVE-2022-4015

A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/makepayments.php. The manipulation of the argument mid/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

9.8CVSS9.3AI score0.00481EPSS
Exploits1References1
osv
osv
added 2024/06/11 10:15 a.m.4 views

CVE-2024-34824

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20...

6.3CVSS5.8AI score0.00246EPSS
Exploits0References1
patchstack
patchstack
added 2024/05/09 2:17 p.m.7 views

WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin SportsPress – Sports Club & League Manager versions = 2.7.20...

6.3CVSS7AI score0.00246EPSS
Exploits0Affected Software1
wpvulndb
wpvulndb
added 2024/04/25 12:0 a.m.15 views

WP Club Manager < 2.2.12 - Authenticated (Player+) Stored Cross-Site Scripting

Description The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS7.8AI score0.00323EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2024/02/05 10:16 p.m.22 views

CVE-2024-1177

The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update th...

5.3CVSS5.1AI score0.0051EPSS
Exploits0References2
Rows per page
Query Builder