CVE-2025-15368
- EPSS 0.05%
- Veröffentlicht 04.02.2026 13:24:42
- Zuletzt bearbeitet 04.02.2026 16:33:44
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above per...
CVE-2024-3986
- EPSS 0.24%
- Veröffentlicht 30.07.2024 06:15:02
- Zuletzt bearbeitet 13.03.2025 14:15:29
The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...
CVE-2024-34824
- EPSS 0.12%
- Veröffentlicht 11.06.2024 10:15:12
- Zuletzt bearbeitet 21.11.2024 09:19:28
Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20.
CVE-2024-1178
- EPSS 0.16%
- Veröffentlicht 05.03.2024 02:15:26
- Zuletzt bearbeitet 08.01.2025 17:16:27
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possi...
CVE-2021-24578
- EPSS 0.21%
- Veröffentlicht 21.12.2021 09:15:06
- Zuletzt bearbeitet 21.11.2024 05:53:20
The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue
CVE-2020-13892
- EPSS 0.16%
- Veröffentlicht 09.06.2020 18:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:05
The SportsPress plugin before 2.7.2 for WordPress allows XSS.