cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forfootball-pool football-pool

Direction: ascending
Jun 06, 2024

Football Pool # CVE-2017-18524

CVE, Research URL

CVE-2017-18524

Home page URL

Security reports for Football Pool

Application

Football Pool

Date
Aug 20, 2019
Research Description
The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.
Affected versions
Min -, max -.
Status
vulnerable

Football Pool # CVE-2024-29802

CVE, Research URL

CVE-2024-29802

Home page URL

Security reports for Football Pool

Application

Football Pool

Date
Mar 27, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.3.
Affected versions
Min -, max -.
Status
vulnerable
Aug 12, 2024

Football Pool # CVE-2024-43139

CVE, Research URL

CVE-2024-43139

Home page URL

Security reports for Football Pool

Application

Football Pool

Date
-
Research Description
Football Pool [football-pool] < 2.11.10 CVE-2024-43139
Affected versions
Min -, max -.
Status
vulnerable

Football Pool # CVE-2024-43130

CVE, Research URL

CVE-2024-43130

Home page URL

Security reports for Football Pool

Application

Football Pool

Date
-
Research Description
Football Pool [football-pool] < 2.12.1 CVE-2024-43130
Affected versions
Min -, max -.
Status
vulnerable
Mar 27, 2025

Football Pool # CVE-2025-30764

CVE, Research URL

CVE-2025-30764

Home page URL

Security reports for Football Pool

Application

Football Pool

Date
Mar 27, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in AntoineH Football Pool allows Cross Site Request Forgery. This issue affects Football Pool: from n/a through 2.12.2.
Affected versions
Min -, max -.
Status
vulnerable
Jun 20, 2025

Football Pool # CVE-2025-5490

CVE, Research URL

CVE-2025-5490

Home page URL

Security reports for Football Pool

Application

Football Pool

Date
Jun 19, 2025
Research Description
The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max -.
Status
vulnerable