CVE-2025-58987 WordPress Football Pool Plugin <= 2.12.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AntoineH Football Pool football-pool allows Stored XSS.This issue affects Football Pool: from n/a through = 2.12.6...

CVE-2025-58987 WordPress Football Pool Plugin <= 2.12.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.6...

CVE-2025-53280 WordPress Football Pool plugin <= 2.12.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AntoineH Football Pool allows Stored XSS. This issue affects Football Pool: from n/a through 2.12.5...

WordPress Football Pool plugin <= 2.12.4 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Football Pool versions = 2.12.4...

WordPress Football Pool plugin <= 2.12.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Football Pool versions = 2.12.2...

WordPress Football Pool Plugin <= 2.11.9 is vulnerable to Cross Site Scripting (XSS)

Software Football Pool Type Plugin Vulnerable versions = 2.11.9 Fixed in 2.11.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43139 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 67467a5d4e93 Credits Manab Jyoti Dowarah Required...

Football pool < 2.11.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.11.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Football Pool Plugin <= 2.11.3 is vulnerable to Cross Site Scripting (XSS)

Software Football Pool Type Plugin Vulnerable versions = 2.11.3 Fixed in 2.11.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 55a90c79eb31 Credits WordFence Required privilege...