PT-2025-40476 · WordPress · Joomsport

Michael Mazzolini · Published 2025-10-03 · Updated 2025-10-08 · CVE-2025-7721

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress versions prior to 5.7.4

Description

The JoomSport plugin for WordPress is susceptible to a Local File Inclusion issue through the task parameter. This allows unauthenticated attackers to include and execute arbitrary .php files on the server. Successful exploitation could lead to bypassing access controls, obtaining sensitive data, or achieving code execution if .php file uploads are permitted. The affected API endpoint is not explicitly mentioned; the vulnerable parameter is task.

Recommendations

Update JoomSport to version 5.7.4 or later.

Related Identifiers

CVE-2025-7721

Affected Products

Joomsport