cleantalk
Vulnerabilities and Security Researches

SportsPress – Sports Club & League Manager, CVE-2021-24578

CVE, Research URL

CVE-2021-24578

Home page URL

Security reports for SportsPress – Sports Club & League Manager

Application

SportsPress – Sports Club & League Manager

Published on
Dec 21, 2021
Research Description
The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue
Affected versions
max 2.7.9.
Status
vulnerable
Previous vulnerability researches
Legacy ePlayer (CVE-2025-22572) , Jan 09, 2025
Live Scores for SportsPress (CVE-2022-4974) , Nov 16, 2024
Live Scores for SportsPress (a81f580827e7b58d80d33fa9199395d57beb38e7) , Jun 07, 2024
SportsPress – Sports Club & League Manager (CVE-2024-3986) , Aug 01, 2024
SportsPress – Sports Club & League Manager (CVE-2021-24578) , Jun 07, 2024
New vulnerability
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder (CVE-2025-69001) , Feb 27, 2026
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder (CVE-2026-25313) , Feb 27, 2026
Advanced Custom Fields: Font Awesome Field (CVE-2025-14983) , Feb 27, 2026
Shield Security – Smart Bot Blocking & Intrusion Prevention Security (CVE-2025-14427) , Feb 27, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2025-15520) , Feb 27, 2026