CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added yesterday•3 views

CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

9.3CVSS5.6AI score

Cvelist•added yesterday•18 views

CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

9.3CVSS

CVE•added yesterday•34 views

CVE-2026-42647

CVE-2026-42647 affects the WordPress plugin JoomSport

9.3CVSS5.6AI score

In wildExploits0References1

Positive Technologies•added yesterday•4 views

PT-2026-48782

Name of the Vulnerable Software and Affected Versions Beardev JoomSport versions prior to 5.7.7 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection, a technique used to extract information from a database by asking true or false questions...

9.3CVSS5.5AI score

Exploits0References4

RedhatCVE•added last week•6 views

CVE-2026-6929

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS5.7AI score0.00109EPSS

Nuclei•added 2026/06/02 10:14 a.m.•14 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

9.3CVSS5.9AI score

Exploits0References4

NVD•added 2026/05/13 6:16 a.m.•7 views

CVE-2026-6929

7.5CVSS0.00109EPSS

CVE•added 2026/05/13 5:29 a.m.•12 views

CVE-2026-6929

The CVE pertains to the JoomSport WordPress plugin (Team & League, Football, Hockey & more). Affected versions are up to and including 5.7.7, with a time-based blind SQL Injection via the sortf parameter caused by insufficient escaping and inadequate preparation of the SQL query. The vulnerabilit...

Cvelist•added 2026/05/13 5:29 a.m.•34 views

CVE-2026-6929 JoomSport <= 5.7.7 - Unauthenticated SQL Injection via 'sortf' Parameter

7.5CVSS0.00109EPSS

ATTACKERKB•added 2026/05/13 5:29 a.m.•3 views

CVE-2026-6929

EUVD•added 2026/05/13 5:29 a.m.•6 views

Exploits0References7

EUVD-2026-29913

CNNVD•added 2026/05/13 12:0 a.m.•4 views

WordPress plugin JoomSport SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Positive Technologies•added 2026/05/13 12:0 a.m.•10 views

PT-2026-40579

Patchstack•added 2026/04/29 2:9 p.m.•3 views

WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin JoomSport versions = 5.7.7...

5.9AI score

Exploits0Affected Software1

VulnCheck KEV•added 2026/04/29 12:0 a.m.•8 views

VulnCheck KEV: CVE-2026-42647

A vulnerability is present in the JoomSport – for Sports: Team & League plugin due to improper sanitization of the sortf parameter, that could lead to SQL injection...

5.9AI score

In wildExploits0References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-11296

Malware in sbrugna...

9.8CVSS9.2AI score0.04455EPSS

Exploits2References2

RedhatCVE•added 2025/10/04 11:53 a.m.•7 views

CVE-2025-7721

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.7.3 via the task parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...

9.8CVSS7.3AI score0.00711EPSS