Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection.

This issue affects JoomSport: from n/a through 5.7.7.
Published: 2026-06-11
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from improper neutralization of special characters in an SQL command within Beardev JoomSport, which permits blind SQL injection. An attacker can send crafted input that bypasses input validation, causing the plugin to execute arbitrary SQL queries. This can result in unauthorized access to sensitive data, modification of database records, or further compromise of the WordPress site.

Affected Systems

The flaw affects all installations of the JoomSport WordPress plugin version 5.7.7 and earlier. It is present in the plugin shipped by Beardev and is activated on any WordPress site that has the plugin installed and enabled.

Risk and Exploitability

The CVSS score of 9.3 indicates a high severity vulnerability. The EPSS score is not available, and the issue is not listed in the CISA KEV catalog. The attack vector is likely local to the WordPress environment, requiring an attacker to be able to submit input to the plugin’s interfaces. Because the exploitation path involves blind injection, an attacker may need to use timing attacks or observable side effects to extract data, but the lack of error messages does not prevent data exfiltration or modification.

Generated by OpenCVE AI on June 11, 2026 at 22:29 UTC.

Remediation

Vendor Solution

Update the WordPress JoomSport Plugin to the latest available version (at least 5.7.8).

OpenCVE Recommended Actions

  • Upgrade the JoomSport plugin to version 5.7.8 or newer.
  • Limit plugin access to users with administrative privileges only.
  • Implement a Web Application Firewall rule to block SQL injection patterns on the JoomSport endpoints.

Generated by OpenCVE AI on June 11, 2026 at 22:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
First Time appeared Beardev
Beardev joomsport
Wordpress
Wordpress wordpress
Vendors & Products Beardev
Beardev joomsport
Wordpress
Wordpress wordpress

Thu, 11 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection. This issue affects JoomSport: from n/a through 5.7.7.
Title WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}

Subscriptions

Beardev Joomsport
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-11T21:04:14.881Z

Reserved: 2026-04-29T09:04:31.204Z

Link: CVE-2026-42647

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-11T22:16:56.447

Modified: 2026-06-11T22:16:56.447

Link: CVE-2026-42647

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T23:15:09Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')