40 matches found
JoomSport <= 5.7.7 - SQL Injection
The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...
EUVD-2026-36359
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...
CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...
PT-2026-48782
Name of the Vulnerable Software and Affected Versions: Beardev JoomSport versions prior to 5.7.7 Description: Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection, a technique used to extract information from a database by asking true or false questions...
EUVD-2022-34960
Malicious code in bioql PyPI...
CVE-2025-7721
CVE-2025-7721 concerns the WordPress plugin JoomSport – for Sports: Team & League, Football, Hockey & more (versions ≤ 5.7.3). It is an unauthenticated Local File Inclusion via the task parameter, allowing an attacker to include/execute arbitrary PHP files on the server (potential code execution, ...
CVE-2024-44031
Missing Authorization vulnerability in beardev JoomSport joomsport-sports-league-results-management. This issue affects JoomSport: from n/a through <= 5.6.3...
CVE-2019-14348
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsportseason/new-yorkers/?action=playerlist sid parameter...
CVE-2024-43355
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JoomSport: from n/a through 5.3.0...
CVE-2024-43355 WordPress JoomSport plugin <= 5.3.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JoomSport: from n/a through 5.3.0...
CVE-2024-44031 WordPress JoomSport plugin <= 5.6.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JoomSport: from n/a through 5.6.3...
PT-2024-30523 · Joomsport · Joomsport
Name of the Vulnerable Software and Affected Versions: JoomSport versions 5.3.0 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For JoomSport versions 5.3.0 and...
WordPress JoomSport Plugin <= 5.6.3 is vulnerable to Broken Access Control
Software: JoomSport; Type: Plugin; Vulnerable versions: <= 5.6.3; Fixed in: 5.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-44031; Patch priority: Low; CVSS severity: Low 4.3; PSID: bbc4d7d58817; Credits: Abdi Pranata; Required privilege...
WordPress JoomSport Plugin <= 5.3.0 is vulnerable to Broken Access Control
Software: JoomSport; Type: Plugin; Vulnerable versions: <= 5.3.0; Fixed in: 5.5.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43355; Patch priority: Low; CVSS severity: Low 4.3; PSID: 01c7b0c93956; Credits: Trương Hữu Phúc truonghuuphuc...
CVE-2022-4050
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
SQL injection
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
CVE-2022-4050
CVE-2022-4050 affects the WordPress JoomSport plugin prior to 5.2.8. The issue is a SQL injection caused by improper sanitization/escaping of a parameter before it is used in a SQL statement, allowing unauthenticated users to issue arbitrary queries. Documented impacts include potential exposure ...
JoomSport < 5.2.8 - Unauthenticated SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. 1. Install the vulnerable plugin joomsport-sports-league-results-management version 5.2.6, skip the demo data import when prompted 2...