Beardev

Joomsport

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2026-42647

  • EPSS 1.32%
  • Veröffentlicht 11.06.2026 21:04:14
  • Zuletzt bearbeitet 12.06.2026 13:13:53

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7.

7.5

CVE-2026-6929

  • EPSS 0.32%
  • Veröffentlicht 13.05.2026 05:29:35
  • Zuletzt bearbeitet 13.05.2026 14:43:46

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user sup...

9.8

CVE-2025-7721

  • EPSS 0.63%
  • Veröffentlicht 03.10.2025 11:17:11
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.7.3 via the task parameter. This makes it possible for unauthenticated attackers to ...

7.1

CVE-2024-12633

  • EPSS 0.28%
  • Veröffentlicht 07.01.2025 06:15:17
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and ou...

8.8

CVE-2024-44031

  • EPSS 0.36%
  • Veröffentlicht 01.11.2024 15:15:52
  • Zuletzt bearbeitet 23.04.2026 15:19:02

Missing Authorization vulnerability in beardev JoomSport joomsport-sports-league-results-management.This issue affects JoomSport: from n/a through <= 5.6.3.

8.8

CVE-2024-43355

  • EPSS 0.42%
  • Veröffentlicht 01.11.2024 15:15:48
  • Zuletzt bearbeitet 13.11.2024 01:24:34

Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0.

9.8

CVE-2022-4050

Exploit
  • EPSS 4.76%
  • Veröffentlicht 19.12.2022 14:15:11
  • Zuletzt bearbeitet 17.04.2025 14:15:24

The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

4.9

CVE-2022-2717

  • EPSS 1.11%
  • Veröffentlicht 06.09.2022 18:15:14
  • Zuletzt bearbeitet 08.04.2026 18:17:26

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping ...

4.9

CVE-2022-2718

  • EPSS 1.11%
  • Veröffentlicht 06.09.2022 18:15:14
  • Zuletzt bearbeitet 08.04.2026 18:17:26

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient esca...

9.8

CVE-2021-24384

Exploit
  • EPSS 2.07%
  • Veröffentlicht 06.07.2021 11:15:08
  • Zuletzt bearbeitet 21.11.2024 05:52:57

The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even tho...