18 matches found
CVE-2025-4594
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-5644
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup...
CVE-2024-5627
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
CVE-2025-4594
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-4594 Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-4594
CVE-2025-4594 refers to the WordPress plugin Tournamatch. The vulnerability is a stored cross-site scripting (XSS) arising from insufficient input sanitization and output escaping in the trn-ladder-registration-button shortcode, affecting versions up to and including 4.6.1. An authenticated attac...
WordPress plugin Tournamatch cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-22576 · WordPress · Tournamatch
Name of the Vulnerable Software and Affected Versions: Tournamatch plugin for WordPress versions up to and including 4.6.1 Description: The issue is related to Stored Cross-Site Scripting via the 'trn-ladder-registration-button' shortcode. This is due to insufficient input sanitization and output...
CVE-2025-32600 WordPress Tournamatch plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through <= 4.7.0...
CVE-2025-32600
CVE-2025-32600: Reflected XSS in Tournamatch. Affected: Tournamatch versions up to 4.6.1 (no fixed version stated in provided docs). Root cause: improper neutralization of input during web page generation leading to reflected cross-site scripting. Severity: CVSS v3.1 base score 7.1 (HIGH) with ne...
CVE-2025-32600 WordPress Tournamatch plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through <= 4.7.0...
WordPress Tournamatch plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Tournamatch versions <= 4.7.0...
WordPress WordPress Plugin Tournamatch plugin < 4.6.1 - Admin+ Stored XSS via Ladders vulnerability
Admin+ Stored XSS via Ladders vulnerability discovered by Bob Matyas in WordPress Plugin Tournamatch versions < 4.6.1...
WordPress WordPress Plugin Tournamatch plugin < 4.6.1 - Subscriber+ Stored XSS vulnerability
Subscriber+ Stored XSS vulnerability discovered by Davide Balzano in WordPress Plugin Tournamatch versions < 4.6.1...
WordPress Tournamatch Plugin < 4.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Tournamatch; Type: Plugin; Vulnerable versions: < 4.6.1; Fixed in: 4.6.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5644; Patch priority: Low; CVSS severity: Low (5.9); PSID: 3c654a015197; Credits: Bob Matyas; Required privilege...
CVE-2024-5644
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup...
CVE-2024-5627
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
PT-2024-36777 · WordPress · Tournamatch
Name of the Vulnerable Software and Affected Versions: Tournamatch WordPress plugin versions prior to 4.6.1 Description: The issue allows users with a role as low as subscriber to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters...