cleantalk
Vulnerabilities and Security Researches

JoomSport – for Sports: Team & League, Football, Hockey & more, CVE-2022-2718

CVE, Research URL

CVE-2022-2718

Home page URL

Security reports for JoomSport – for Sports: Team & League, Football, Hockey & more

Application

JoomSport – for Sports: Team & League, Football, Hockey & more

Published on
Sep 06, 2022
Research Description
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-page-extrafields page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 5.2.6.
Status
vulnerable
Previous vulnerability researches
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2023-53601) , Nov 10, 2025
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2024-43355) , Aug 20, 2024
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2021-24384) , Jun 07, 2024
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2019-14348) , Jun 07, 2024
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2022-2717) , Jun 07, 2024
New vulnerability
Dynamic User Directory (CVE-2025-62982) , Nov 10, 2025
Responsive Progress Bar (CVE-2025-11883) , Nov 10, 2025
Tab Ultimate (CVE-2025-62060) , Nov 10, 2025
Top Bar Notification (CVE-2025-12412) , Nov 10, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-7526) , Nov 10, 2025