Themeboy Sportspress
5 CVEs affecting Themeboy Sportspress. Latest disclosed: 2024-07-30. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-24578 | Medium | 6.1 | 2021-12-21 | The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading t… |
CVE-2020-13892 | Medium | 5.4 | 2020-06-09 | The SportsPress plugin before 2.7.2 for WordPress allows XSS. |
CVE-2024-1178 | Medium | 5.3 | 2024-03-05 | The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the… |
CVE-2024-3986 | Medium | 4.8 | 2024-07-30 | The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perf… |
CVE-2024-34824 | Medium | 4.3 | 2024-06-11 | Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from… |