Lucene search
+L

9 matches found

CVE
CVE
added 2026/07/10 9:32 a.m.9 views

CVE-2026-13010

The CVE-2026-13010 entry concerns the JoomSport plugin for WordPress (Team & League, Football, Hockey & more). Affected versions: all up to and including 5.7.9. Vulnerability type: time-based SQL Injection via the 'event' shortcode attribute, caused by insufficient escaping of the user-supplied p...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/10 9:32 a.m.37 views

CVE-2026-13010 JoomSport <= 5.7.9 - Authenticated (Contributor+) SQL Injection via 'event' Shortcode Attribute

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/10 9:32 a.m.7 views

CVE-2026-13010

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.7 views

CVE-2025-13904

The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gancio-event' shortcode in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.00237EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.4 views

CVE-2025-13904 WPGancio <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gancio-event' shortcode in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/12 3:20 a.m.40 views

CVE-2025-13904 WPGancio <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gancio-event' shortcode in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00237EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/13 7:25 a.m.8 views

CVE-2025-9850

The Evenium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveniumsingleevent' shortcode in all versions up to, and including, 1.3.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2025/09/11 7:24 a.m.27 views

CVE-2025-9850

The Evenium WordPress plugin (versions

6.4CVSS4.7AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/12 12:0 a.m.6 views

PT-2024-26249 · WordPress · The Events Manager

Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions up to, and including, 6.4.7.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event category...

6.4CVSS6.1AI score0.00291EPSS
Exploits0References6
Rows per page
Query Builder