6 matches found
JoomSport <= 5.7.7 - SQL Injection
The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...
CVE-2026-6929
The CVE pertains to the JoomSport WordPress plugin (Team & League, Football, Hockey & more). Affected versions are up to and including 5.7.7, with a time-based blind SQL Injection via the sortf parameter caused by insufficient escaping and inadequate preparation of the SQL query. The vulnerabilit...
EUVD-2025-36062
Cross-Site Request Forgery CSRF vulnerability in Waituk Entrada theme allows Cross Site Request Forgery.This issue affects Entrada: from n/a through 5.7.7...
CVE-2025-58918
CVE-2025-58918 – CSRF in Waituk Entrada Theme (WordPress) A Cross-Site Request Forgery vulnerability affects the Waituk Entrada WordPress theme (versions up to and including 5.7.7). The issue is documented across multiple sources (NVD/Red Hat/CIRCL/CVEs list) with the same description. No exploit...
PT-2025-43864
Name of the Vulnerable Software and Affected Versions Waituk Entrada theme versions through 5.7.7 Description A Cross-Site Request Forgery CSRF issue exists in the Waituk Entrada theme. This allows attackers to perform actions on behalf of authenticated users without their knowledge. The...
CVE-2022-21651 Open redirect in shopware
Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to...