Reflected Cross-Site Scripting Vulnerability in JoomSport Plugin for WordPress
CVE-2024-12633
7.1HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 7 January 2025
What is CVE-2024-12633?
The JoomSport plugin for WordPress exhibits a reflected cross-site scripting vulnerability due to inadequate input sanitization and output escaping. This flaw allows unauthenticated attackers to inject malicious web scripts through the 'page' parameter, which may execute if a user is tricked into clicking a crafted link. This presents a significant risk as it potentially compromises user security and privacy, making it essential for website administrators to apply mitigations and updates promptly.
Affected Version(s)
JoomSport – for Sports: Team & League, Football, Hockey & more * <= 5.6.17