Skip to main content

The League

2 CVEs product

Monthly

CVE-2026-25454 MEDIUM This Month

This is a missing authorization vulnerability (CWE-862) in MVPThemes The League WordPress theme affecting versions up to 4.4.1, where incorrectly configured access control security levels allow attackers to bypass authentication mechanisms. An attacker can exploit this broken access control to perform unauthorized actions or access restricted functionality without proper credentials. While no CVSS score or EPSS data is currently available, the vulnerability has been documented by Patchstack and assigned ENISA EUVD ID EUVD-2026-15732, indicating active tracking by EU vulnerability databases.

Authentication Bypass The League
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2020-12624 MEDIUM POC This Month

The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure The League
NVD
CVSS 3.1
6.5
EPSS
1.3%
EPSS 0% CVSS 6.5
MEDIUM This Month

This is a missing authorization vulnerability (CWE-862) in MVPThemes The League WordPress theme affecting versions up to 4.4.1, where incorrectly configured access control security levels allow attackers to bypass authentication mechanisms. An attacker can exploit this broken access control to perform unauthorized actions or access restricted functionality without proper credentials. While no CVSS score or EPSS data is currently available, the vulnerability has been documented by Patchstack and assigned ENISA EUVD ID EUVD-2026-15732, indicating active tracking by EU vulnerability databases.

Authentication Bypass The League
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure The League
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy