JoomSport WordPress Plugin Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the JoomSport WordPress plugin in all versions up to and including 5.7.3. The flaw lies in the handling of the 'task' parameter, which allows unauthenticated attackers to include and execute arbitrary PHP files on the server. Depending on the deployment, this can be used to bypass access controls, read sensitive information, or execute code; code execution requires a scenario in which a PHP file can first be placed on the server (for example via an upload feature) and then included.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of PHP code on the server, potentially allowing attackers to bypass access controls, access sensitive data, or execute malicious code, depending on the context.

Reproduction

To reproduce this vulnerability, send a request to the WordPress site with the 'task' parameter set to a directory-traversal path pointing at a PHP file that the server is able to include. Because the parameter is not protected against directory traversal, such a value results in the inclusion of arbitrary PHP files on the server.
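As an added illustration for defenders (not code from this advisory or from the JoomSport project), the following Python scans web-server access log lines for the request shape described above: a 'task' query parameter carrying a directory-traversal sequence, an absolute path, a reference to a PHP file, a null byte, or multi-level percent-encoding used to slip past naive filters. The log lines, client addresses, and request paths are constructed samples, and the request path on which 'task' appears is an assumption, since the advisory does not state the exact endpoint.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access log lines in combined log format; not real traffic.
# The request paths are assumed, the advisory only names the 'task' parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Oct/2025:12:40:01 +0000] "GET /?page_id=2&task=match_list HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Oct/2025:12:40:07 +0000] "GET /?task=../../../uploads/x.php HTTP/1.1" 200 1024 "-" "curl/8.0"
203.0.113.9 - - [03/Oct/2025:12:40:09 +0000] "GET /?task=..%2F..%2Fwp-content%2Fuploads%2Fx.php HTTP/1.1" 200 1024 "-" "curl/8.0"
198.51.100.2 - - [03/Oct/2025:12:41:00 +0000] "GET /?task=..%252F..%252Fuploads%252Fx.php HTTP/1.1" 404 300 "-" "curl/8.0"
198.51.100.2 - - [03/Oct/2025:12:41:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# What a benign task identifier is expected to look like (assumed allowlist).
ALLOWED_TASK = re.compile(r'^[A-Za-z0-9_\-]+$')


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding; stops when decoding no longer changes the value."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def raw_query_params(target):
    """Split the query string without decoding values, so encoding tricks stay visible."""
    params = []
    for pair in urlsplit(target).query.split('&'):
        if not pair:
            continue
        key, _, value = pair.partition('=')
        params.append((unquote(key), value))
    return params


def suspicious_task(raw):
    """Return the list of reasons a raw 'task' value looks like an LFI attempt (empty if benign)."""
    decoded = fully_decode(raw)
    reasons = []
    if '../' in decoded or '..\\' in decoded:
        reasons.append('directory traversal')
    if decoded.startswith('/'):
        reasons.append('absolute path')
    if '.php' in decoded.lower():
        reasons.append('php file reference')
    if '\x00' in decoded:
        reasons.append('null byte')
    # Value needed more than one decoding pass: a classic filter-evasion signal.
    if raw != decoded and unquote(raw) != decoded:
        reasons.append('double encoding')
    if not reasons and not ALLOWED_TASK.match(decoded):
        reasons.append('unexpected characters')
    return reasons


def scan_log(text):
    """Scan log text and return one finding per suspicious 'task' parameter value."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for key, raw in raw_query_params(m.group('target')):
            if key != 'task':
                continue
            reasons = suspicious_task(raw)
            if reasons:
                findings.append({
                    'ip': m.group('ip'),
                    'ts': m.group('ts'),
                    'status': int(m.group('status')),
                    'task': raw,
                    'reasons': reasons,
                })
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} task={f['task']!r} -> {', '.join(f['reasons'])}")
```

The scanner keeps the raw parameter value rather than relying on a URL-parsing library's single decode, so a double-encoded value is both caught and reported as such; a hit with status 200 deserves more attention than one with 404, since it suggests the include actually resolved.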

Remediation

Users are advised to update the JoomSport WordPress plugin to version 5.7.4 or later.

Added: Oct 3, 2025, 12:43 PM
Updated: Oct 3, 2025, 12:43 PM

Vulnerability Rating (Custom Algorithm)

Category        Score
spread          3.4
impact          5.6
exploitability  9.3
remediation     7.7
relevance       0.6
threat          4.8
urgency         2.9
incentive       10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.