Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

68 matches found

GithubExploit
GithubExploitadded 2026/02/10 11:45 p.m.113 views

Exploit for CVE-2025-15368

CVE-2025-15368 Exploit Tool SportsPress Plugin for WordPres...

8.8CVSS6.1AI score0.00067EPSS
Exploits1
RedhatCVE
RedhatCVEadded 2026/02/05 7:23 p.m.6 views

CVE-2025-15368

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...

8.8CVSS6.5AI score0.00067EPSS
Exploits1References1
NVD
NVDadded 2026/02/04 2:16 p.m.7 views

CVE-2025-15368

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...

8.8CVSS0.00067EPSS
Exploits1References5
EUVD
EUVDadded 2026/02/04 1:24 p.m.7 views

EUVD-2025-206819

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...

8.8CVSS6.5AI score0.00067EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/02/04 1:24 p.m.5 views

CVE-2025-15368 SportsPress <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...

8.8CVSS6.5AI score0.00067EPSS
Exploits1References5
Cvelist
Cvelistadded 2026/02/04 1:24 p.m.28 views

CVE-2025-15368 SportsPress <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...

8.8CVSS0.00067EPSS
Exploits1References5
CVE
CVEadded 2026/02/04 1:24 p.m.15 views

CVE-2025-15368

Vulnerability summary (CVE-2025-15368) : The SportsPress WordPress plugin (versions up to 2.7.26) is vulnerable to Local File Inclusion via the shortcodes’ template_name attribute. Authenticated attackers with contributor-level permissions or higher can include and execute arbitrary server files,...

8.8CVSS6.5AI score0.00067EPSS
Exploits1References5
CNNVD
CNNVDadded 2026/02/04 12:0 a.m.2 views

WordPress plugin SportsPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS6.1AI score0.00067EPSS
Exploits1References5
Patchstack
Patchstackadded 2026/02/03 11:44 p.m.7 views

WordPress SportsPress plugin <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode vulnerability

Authenticated Contributor+ Local File Inclusion via Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin SportsPress – Sports Club & League Manager versions = 2.7.26...

8.8CVSS5.3AI score0.00067EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/01/09 9:6 a.m.3 views

CVE-2024-34824

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20...

6.3CVSS6.9AI score0.00117EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2020-6100

Malware in sbrugna...

5.4CVSS5.5AI score0.00162EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2024-16946

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00267EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2024-32552

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00237EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.0 views

EUVD-2024-35089

Malicious code in bioql PyPI...

6.3CVSS6.4AI score0.00117EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 9:40 a.m.4 views

CVE-2024-1178

The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...

5.3CVSS6.7AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 7:22 p.m.6 views

CVE-2021-24578

The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its matchday parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.0021EPSS
Exploits2References1
Patchstack
Patchstackadded 2024/07/30 6:39 a.m.2 views

WordPress SportsPress plugin < 2.7.22 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin SportsPress – Sports Club & League Manager versions 2.7.22...

4.8CVSS6.1AI score0.00237EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2024/07/30 6:15 a.m.0 views

CVE-2024-3986

The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00237EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2024/07/30 6:0 a.m.15 views

CVE-2024-3986 SportsPress < 2.7.22 - Admin+ Stored XSS

The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.00237EPSS
Exploits1References1
Cvelist
Cvelistadded 2024/07/30 6:0 a.m.12 views

CVE-2024-3986 SportsPress < 2.7.22 - Admin+ Stored XSS

The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00237EPSS
Exploits1References1
Rows per page
Query Builder