Beardev Joomsport vulnerabilities
8 known vulnerabilities affecting beardev/joomsport.
Total CVEs: 8
CISA KEV: 0
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 4, HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2022-4050 | P1 | CRITICAL | CVSS 9.8 | CWE-89 | Exploited | PoC | fixed in 5.2.8 | 2022-12-19
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
nvd
CVE-2026-42647 | P2 | CRITICAL | CVSS 9.3 | CWE-89 | Exploited | PoC | ≥ n/a, ≤ 5.7.7 | 2026-06-11
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection.
This issue affects JoomSport: from n/a through 5.7.7.
nvd
CVE-2019-14348 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | PoC | v3.3 | 2019-08-05
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.
nvd
CVE-2021-24384 | P3 | CRITICAL | CVSS 9.8 | CWE-502 | fixed in 5.1.8 | 2021-07-06
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and authenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could
nvd
CVE-2024-44031 | P3 | HIGH | CVSS 8.8 | CWE-862 | fixed in 5.6.4 | ≤ 5.6.3 | 2024-11-01
Missing Authorization vulnerability in beardev JoomSport joomsport-sports-league-results-management. This issue affects JoomSport: from n/a through <= 5.6.3.
nvd
CVE-2024-43355 | P3 | HIGH | CVSS 8.8 | CWE-862 | fixed in 5.5.7 | ≥ n/a, ≤ 5.3.0 | 2024-11-01
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JoomSport: from n/a through 5.3.0.
nvd
CVE-2022-2717 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | ≤ 5.2.5 | 2022-09-06
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes
nvd
CVE-2022-2718 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | ≤ 5.2.5 | 2022-09-06
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This m
nvd