Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users
AnalysisAI
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users Affected products include: Beardev Joomsport. Version information: before 5.2.8.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Blind SQL injection in Beardev JoomSport (WordPress plugin) through version 5.7.7 allows remote unauthenticated attacker
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated an
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Securit
The JoomSport - for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection v
The JoomSport - for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection v
Share
External POC / Exploit Code
Leaving vuln.today