cleantalk
Vulnerabilities and Security Researches

JoomSport – for Sports: Team & League, Football, Hockey & more, CVE-2021-24384

CVE, Research URL

CVE-2021-24384

Home page URL

Security reports for JoomSport – for Sports: Team & League, Football, Hockey & more

Application

JoomSport – for Sports: Team & League, Football, Hockey & more

Published on
Jul 06, 2021
Research Description
The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE
Affected versions
max 5.1.8.
Status
vulnerable
Previous vulnerability researches
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2023-53601) , Nov 10, 2025
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2024-43355) , Aug 20, 2024
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2021-24384) , Jun 07, 2024
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2019-14348) , Jun 07, 2024
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2022-2717) , Jun 07, 2024
New vulnerability
Dynamic User Directory (CVE-2025-62982) , Nov 10, 2025
Responsive Progress Bar (CVE-2025-11883) , Nov 10, 2025
Tab Ultimate (CVE-2025-62060) , Nov 10, 2025
Top Bar Notification (CVE-2025-12412) , Nov 10, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-7526) , Nov 10, 2025