36 matches found
EUVD-2025-10756
Malicious code in bioql PyPI...
CVE-2025-4594
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-5644
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-5627
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
CVE-2025-4594
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-4594
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-4594 Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2025-4594
CVE-2025-4594 refers to the WordPress plugin Tournamatch. The vulnerability is a stored cross-site scripting (XSS) arising from insufficient input sanitization and output escaping in the trn-ladder-registration-button shortcode, affecting versions up to and including 4.6.1. An authenticated attac...
CVE-2025-4594 Tournamatch <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WordPress plugin Tournamatch cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-22576 · WordPress · Tournamatch
Name of the Vulnerable Software and Affected Versions: Tournamatch plugin for WordPress versions up to and including 4.6.1 Description: The issue is related to Stored Cross-Site Scripting via the 'trn-ladder-registration-button' shortcode. This is due to insufficient input sanitization and output...
CVE-2025-32600
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through <= 4.7.0...
CVE-2025-32600
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through <= 4.7.0...
CVE-2025-32600 WordPress Tournamatch plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through <= 4.7.0...
CVE-2025-32600 WordPress Tournamatch plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tournamatch Tournamatch tournamatch allows Reflected XSS. This issue affects Tournamatch: from n/a through <= 4.7.0...
CVE-2025-32600
CVE-2025-32600: Reflected XSS in Tournamatch. Affected: Tournamatch versions up to 4.6.1 (no fixed version stated in provided docs). Root cause: improper neutralization of input during web page generation leading to reflected cross-site scripting. Severity: CVSS v3.1 base score 7.1 (HIGH) with ne...
WordPress plugin Tournamatch cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Tournamatch plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Tournamatch versions <= 4.7.0...
WordPress WordPress Plugin Tournamatch plugin < 4.6.1 - Admin+ Stored XSS via Ladders vulnerability
Admin+ Stored XSS via Ladders vulnerability discovered by Bob Matyas in WordPress Plugin Tournamatch versions < 4.6.1...
WordPress WordPress Plugin Tournamatch plugin < 4.6.1 - Subscriber+ Stored XSS vulnerability
Subscriber+ Stored XSS vulnerability discovered by Davide Balzano in WordPress Plugin Tournamatch versions < 4.6.1...