Local File Inclusion Vulnerability in JoomSport Plugin for WordPress
CVE-2025-7721

9.8CRITICAL

Key Information:

Vendor

WordPress
Status
Joomsport – For Sports: Team & League, Football, Hockey & More
Vendor
CVE Published:
3 October 2025

What is CVE-2025-7721?

The JoomSport plugin for WordPress is susceptible to a Local File Inclusion vulnerability in all versions up to and including 5.7.3. This flaw arises from improper validation of the 'task' parameter, enabling unauthorized attackers to access and execute arbitrary .php files on the server. Such exploitation can lead to significant security issues, including the bypass of access controls, unauthorized data access, and the ability to execute arbitrary PHP code, compromising the integrity of the WordPress installation.

Affected Version(s)

JoomSport – for Sports: Team & League, Football, Hockey & more * <= 5.7.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/joomsport-spor...
https://plugins.trac.wordpress.org/changeset/3371353/

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Mazzolini
JSON
.
CVE-2025-7721 : Local File Inclusion Vulnerability in JoomSport Plugin for WordPress