22 matches found
Exploit for CVE-2025-15368
CVE-2025-15368 Exploit Tool SportsPress Plugin for WordPres...
CVE-2025-15368
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...
CVE-2025-15368
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...
EUVD-2025-206819
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...
CVE-2025-15368 SportsPress <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'templatename' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...
WordPress plugin SportsPress Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2024-32552
Malicious code in bioql PyPI...
CVE-2024-1178
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
CVE-2021-24578
The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its matchday parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue...
WordPress SportsPress plugin < 2.7.22 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Aryom in WordPress Plugin SportsPress – Sports Club & League Manager versions < 2.7.22...
CVE-2024-3986
The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
PT-2024-28702 · WordPress · Sportspress
Name of the Vulnerable Software and Affected Versions: SportsPress WordPress plugin versions prior to 2.7.22 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...
PT-2024-26221 · Themeboy · Sportspress
Name of the Vulnerable Software and Affected Versions: SportsPress – Sports Club & League Manager versions 2.7.20 and earlier Description: The issue is related to a Missing Authorization vulnerability in the ThemeBoy SportsPress – Sports Club & League Manager plugin. Recommendations: For versions...
CVE-2024-1178
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1178 SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
PT-2024-17252 · WordPress · Sportspress
Name of the Vulnerable Software and Affected Versions: SportsPress – Sports Club & League Manager plugin for WordPress versions up to, and including, 2.7.17 Description: The issue allows unauthorized modification of data due to a missing capability check on the settings save function. This makes ...
WordPress Plugin SportsPress Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress Live Scores for SportsPress Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)
Software: Live Scores for SportsPress; Type: Plugin; Vulnerable versions: <= 1.9.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 1a8a87c6e703; Credits: Rafie Muhammad...
WordPress Live Scores for SportsPress plugin <= 1.9.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Live Scores for SportsPress plugin versions <= 1.9.1. Solution: Update the WordPress Live Scores for SportsPress plugin to the latest available version (at least 1.9.2)...
WordPress SportsPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-102785)
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress SportsPress plugin has a cross-site scripting vulnerability in versions prior to 2.7.9, which...