32 matches found
CVE-2026-4871
The Sports Club Management WordPress plugin (affected: versions up to and including 1.12.9) is vulnerable to Stored Cross-Site Scripting via the scm_member_data shortcode’s before/after attributes. Root cause: insufficient input sanitization and output escaping, enabling authenticated attackers w...
CVE-2026-4871 Sports Club Management <= 1.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' Attribute
The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' attributes of the scmmemberdata shortcode in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Sports Club Management plugin <= 1.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'before' Attribute vulnerability discovered by zaim in WordPress Plugin Sports Club Management versions = 1.12.9...
WordPress plugin Sports Club Management 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2024-34824
Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20...
CVE-2025-13422
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...
CVE-2025-13422
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...
Sports Club Management System in php SQL注入漏洞
Sports Club Management System in php is a sports club management system by Darkseid Personal Developer. A SQL injection vulnerability exists in Sports Club Management System in php version 1.0, which stems from an incorrect manipulation of the parameter loginid in the file...
CVE-2025-13422 freeprojectscodes Sports Club Management System change_s_pwd.php sql injection
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...
CVE-2025-13422 freeprojectscodes Sports Club Management System change_s_pwd.php sql injection
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...
CVE-2025-13422
CVE-2025-13422 affects freeprojectscodes Sports Club Management System 1.0. The vulnerable element is an unknown function in /dashboard/admin/change_s_pwd.php where manipulating the login_id parameter triggers SQL injection. The vulnerability is remotely exploitable and the exploit is public. Doc...
PT-2025-47540
Name of the Vulnerable Software and Affected Versions freeprojectscodes Sports Club Management System version 1.0 Description A flaw exists in freeprojectscodes Sports Club Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...
EUVD-2024-35089
Malicious code in bioql PyPI...
EUVD-2022-51395
Malicious code in bioql PyPI...
PT-2025-35154
Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A SQL injection issue exists due to the manipulation of the User argument in the file /login.php. This can be initiated remotely. The exploit has been publicly disclosed...
CVE-2022-4015
A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/makepayments.php. The manipulation of the argument mid/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2024-34824
Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20...
WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin SportsPress – Sports Club & League Manager versions = 2.7.20...
WP Club Manager < 2.2.12 - Authenticated (Player+) Stored Cross-Site Scripting
Description The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-1177
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update th...