CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2024-3986 – SportsPress < 2.7.22 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-3986
09 Jul 2024 — The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.7.21 due to insufficient input sanitization and output... • https://wpscan.com/vulnerability/76c78f8e-e3da-47d9-9bf4-70e9dd125b82 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2024-34824 – WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34824
09 May 2024 — Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager. This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20. The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ca... • https://patchstack.com/database/vulnerability/sportspress/wordpress-sportspress-sports-club-league-manager-plugin-2-7-20-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2021-24578 – SportsPress < 2.7.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24578
16 Nov 2021 — The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting it back in the Events backend page, leading to a Reflected Cross-Site Scripting issue. • https://wpscan.com/vulnerability/69351798-c790-42d4-9485-1813cd325769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2020-13892 – SportsPress <= 2.7.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-13892
07 Jun 2020 — The SportsPress plugin before 2.7.2 for WordPress allows XSS. • https://wpvulndb.com/vulnerabilities/10257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
