WordPress · Tournamatch · CVE-2024-5627
**Name of the Vulnerable Software and Affected Versions**
Tournamatch WordPress plugin versions prior to 4.6.1
**Description**
The issue allows users with a role as low as subscriber to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters.
**Recommendations**
For versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue.