Vulnerabilities > Beardev > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-19 | CVE-2022-4050 | Unspecified vulnerability in Beardev Joomsport The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users | 9.8 |
| 2021-07-06 | CVE-2021-24384 | Unspecified vulnerability in Beardev Joomsport The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. | 9.8 |
| 2019-08-05 | CVE-2019-14348 | SQL Injection vulnerability in Beardev Joomsport 3.3 The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter. | 9.8 |