CVE-2025-7721 🔴 Critical

CVE-2025-7721 - JoomSport Wordpress plugin unauthenticated code injection

CVE ID

CVE-2025-7721

CVSS Score

9.8

Vendor

wordpress joomsport plugin

Published

Oct 03

All versions of the WordPress plugin JoomSport – for Sports: Team & League, Football, Hockey & more up to and including version 5.7.3 are affected by a Local File Inclusion (LFI) vulnerability. The issue arises from improper handling of the task parameter, allowing unauthenticated attackers to load and execute arbitrary PHP files on the server. This flaw could enable attackers to bypass access restrictions, gain access to sensitive data, or execute malicious code if PHP files can be uploaded and included.

References

- [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-7721)
- [MITRE CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7721)

Vulnerability Details

CVE ID
CVE-2025-7721
Severity
Critical
CVSS v3 Score
9.8 / 10.0
Affected Vendor
wordpress joomsport plugin
Publication Date
October 03, 2025

Need Help?

Protect your infrastructure with our comprehensive security scanning tools.

Explore Security Scanners