cleantalk
Vulnerabilities and Security Researches

JoomSport – for Sports: Team & League, Football, Hockey & more, CVE-2025-7721

CVE, Research URL

CVE-2025-7721

Home page URL

Security reports for JoomSport – for Sports: Team & League, Football, Hockey & more

Application

JoomSport – for Sports: Team & League, Football, Hockey & more

Published on
Oct 03, 2025
Research Description
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.7.3 via the task parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
Affected versions
max 5.7.4.
Status
vulnerable
Previous vulnerability researches
WP Easy FAQs (CVE-2025-8686) , Apr 25, 2026
New vulnerability
Restrict User Registration (CVE-2025-9892) , Apr 25, 2026
SnapWidget Social Photo Feed Widget (CVE-2025-58241) , Apr 25, 2026
Cozy Blocks – Page Builder Blocks for FSE and Gutenberg Editor, Gutenberg Blocks, WooCommerce Blocks, Post Blocks, Slider (CVE-2025-59573) , Apr 25, 2026
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2025-7721) , Apr 25, 2026
World first Lifetime free Form Builder for WordPress (CVE-2025-58957) , Apr 25, 2026