Lucene search
K

128 matches found

CVE
CVE
added 1 hour ago3 views

CVE-2026-13010

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based SQL Injection via 'event' Shortcode Attribute in all versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS6.1AI score
Exploits0References4
Nuclei
Nuclei
added 7 hours ago45 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

9.3CVSS6AI score0.01323EPSS
Exploits1References4
Nuclei
Nuclei
added 7 hours ago45 views

WordPress JoomSport <5.2.8 - SQL Injection

WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operation...

9.8CVSS7.3AI score0.04756EPSS
Exploits2References5
Patchstack
Patchstack
added yesterday2 views

WordPress JoomSport – for Sports: Team & League, Football, Hockey & more plugin <= 5.7.9 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin JoomSport versions = 5.7.9...

6.5CVSS6.1AI score
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/02 10:16 a.m.8 views

CVE-2026-12134

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
CVE
CVE
added 2026/07/02 8:33 a.m.12 views

CVE-2026-12134

The CVE concerns the WordPress plugin JoomSport – for Sports: Team & League, Football, Hockey & more (up to and including version 5.7.8). It describes an authorization bypass where authenticated users with subscriber-level access and above can create arbitrary season groups or modify group names,...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/02 8:33 a.m.6 views

EUVD-2026-41265

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.42 views

CVE-2026-12134 JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX action

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/07/01 7:58 p.m.5 views

WordPress JoomSport – for Sports: Team & League, Football, Hockey & more plugin <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification vulnerability

Authenticated Subscriber+ Missing Authorization to Arbitrary Group Creation/Modification vulnerability discovered by ? in WordPress Plugin JoomSport versions = 5.7.8...

4.3CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS0.0025EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40887

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References10
CVE
CVE
added 2026/07/01 3:43 a.m.13 views

CVE-2026-12133

Summary: The JoomSport – for Sports: Team & League, Football & more plugin for WordPress (up to version 5.7.8) is vulnerable to Missing Authorization to Arbitrary Group Deletion via the joomsport_season_groupdel() AJAX handler. The issue arises from a missing capability check; the handler only ve...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/01 3:43 a.m.34 views

CVE-2026-12133 JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Deletion via season_groupdel AJAX action

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS0.0025EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/06/13 4:29 p.m.92 views

Exploit for CVE-2026-42647

CVE-2026-42647 - JoomSport Unauthenticated Time-Based Blind SQ...

9.3CVSS6.8AI score0.01323EPSS
Exploits1
EUVD
EUVD
added 2026/06/12 12:31 a.m.10 views

EUVD-2026-36359

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...

9.3CVSS5.6AI score0.01323EPSS
Exploits1References2
NVD
NVD
added 2026/06/11 10:16 p.m.11 views

CVE-2026-42647

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...

9.3CVSS0.01323EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/11 9:4 p.m.29 views

CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...

9.3CVSS0.01323EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/11 9:4 p.m.7 views

CVE-2026-42647 WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7...

9.3CVSS5.6AI score0.01323EPSS
Exploits1References1
CVE
CVE
added 2026/06/11 9:4 p.m.64 views

CVE-2026-42647

CVE-2026-42647 affects the WordPress plugin JoomSport

9.3CVSS5.6AI score0.01323EPSS
In wildExploits1References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48782

Name of the Vulnerable Software and Affected Versions Beardev JoomSport versions prior to 5.7.7 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection, a technique used to extract information from a database by asking true or false questions...

9.3CVSS5.5AI score0.01323EPSS
Exploits1References4
Rows per page
Query Builder