Blind SQL Injection in Beardev JoomSport WordPress Plugin (≤ 5.7.7)

critical-cve-against-dependency · active

A blind SQL injection vulnerability affects the Beardev JoomSport WordPress plugin in all versions up to and including 5.7.7, tracked as CVE-2026-42647. Attackers may be able to manipulate database queries, potentially exposing or altering site data.

Affected packages

• packagistjoomsport-sports-league-results-managementupgrade to ≥ 5.7.8

Sources

• ghsahttps://github.com/advisories/GHSA-2369-78ph-422f
• nvdhttps://nvd.nist.gov/vuln/detail/CVE-2026-42647
• google-searchhttps://patchstack.com/database/wordpress/plugin/joomsport-sports-league-results-management/vulnerability/wordpress-joomsport-plugin-5-7-7-sql-injection-vulnerability?_s_id=cve