cleantalk
Vulnerabilities and Security Researches

AnWP Football Leagues, CVE-2024-8917

CVE, Research URL

CVE-2024-8917

Home page URL

Security reports for AnWP Football Leagues

Application

AnWP Football Leagues

Published on
Sep 25, 2024
Research Description
The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions
Min -, max 0.16.8.
Status
vulnerable
Previous vulnerability researches
AnWP Football Leagues (CVE-2024-8917) , Sep 25, 2024
AnWP Football Leagues (CVE-2025-8767) , Aug 12, 2025
New vulnerability
String locator , Aug 13, 2025
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2025-54028) , Aug 13, 2025
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks (CVE-2025-54007) , Aug 13, 2025
WooCommerce Purchase Orders (CVE-2025-5391) , Aug 13, 2025
RentSyst – CRM solution for fleet management (CVE-2025-48152) , Aug 12, 2025