Vulnerabilities > Beardev
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-01 | CVE-2024-43355 | Missing Authorization vulnerability in Beardev Joomsport: Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JoomSport: from n/a through 5.3.0. | 8.8 |
2024-11-01 | CVE-2024-44031 | Missing Authorization vulnerability in Beardev Joomsport: Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JoomSport: from n/a through 5.6.3. | 8.8 |
2022-12-19 | CVE-2022-4050 | Unspecified vulnerability in Beardev Joomsport: The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | 9.8 |
2022-09-06 | CVE-2022-2717 | SQL Injection vulnerability in Beardev Joomsport: The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
2022-09-06 | CVE-2022-2718 | SQL Injection vulnerability in Beardev Joomsport: The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
2021-07-06 | CVE-2021-24384 | Unspecified vulnerability in Beardev Joomsport: The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both authenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. | 9.8 |
2019-08-05 | CVE-2019-14348 | SQL Injection vulnerability in Beardev Joomsport 3.3: The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. | 9.8 |