WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Live Scores for SportsPress Multiple Vulnerabilities (1.9.0)

Description

WordPress Plugin Live Scores for SportsPress is prone to multiple vulnerabilities, including cross-site scripting and local file inclusion vulnerabilities. Exploiting these issues may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials, or to obtain sensitive information that could aid in further attacks. WordPress Plugin Live Scores for SportsPress version 1.9.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.9.1 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:441A970D-A1C7-4ABD-99E3-47ACD2D2966B

https://sploitus.com/exploit?id=WPEX-ID:50C3F5AB-BBDA-4BDA-81C8-16DCBF4D6600

https://plugins.svn.wordpress.org/live-scores-for-sportspress/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Contact Form Widget-Contact Query, Form Maker SQL Injection (1.0.9)

WordPress Plugin Social Sharing Toolkit Cross-Site Scripting (2.1.1)

ProjectSend Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-40886)

WordPress Plugin Quick Event Manager Multiple Vulnerabilities (9.7.4)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24599)

Severity

High

Classification

CWE-22 CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update