Vulnerabilities > Themeboy

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-30	CVE-2024-3986	Cross-site Scripting vulnerability in Themeboy Sportspress The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) network low complexity themeboy CWE-79	4.8
2024-06-11	CVE-2024-34824	Unspecified vulnerability in Themeboy Sportspress Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20. network low complexity themeboy	6.3
2021-12-21	CVE-2021-24578	Unspecified vulnerability in Themeboy Sportspress The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue network low complexity themeboy	6.1
2020-06-09	CVE-2020-13892	Cross-site Scripting vulnerability in Themeboy Sportspress The SportsPress plugin before 2.7.2 for WordPress allows XSS. network low complexity themeboy CWE-79	5.4

Vulnerabilities > Themeboy {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Themeboy"}]}