JoomSport – for Sports: Team & League, Football, Hockey & more Security & Risk Analysis

wordpress.org/plugins/joomsport-sports-league-results-management

Create PRO sports website for your club, sports team or sports league! Soccer, Football, Hockey, Basketball, Volleyball, Handball, eSport & others.

1K active installs v5.7.5 PHP 7.0+ WP 4.0+ Updated Mar 11, 2026
Tags: football, hockey, league, sports, sports-team
83
B · Generally Safe
CVEs total: 9
Unpatched: 0
Last CVE: Oct 2, 2025
Safety Verdict

Is JoomSport – for Sports: Team & League, Football, Hockey & more Safe to Use in 2026?

Mostly Safe

Score 83/100

JoomSport – for Sports: Team & League, Football, Hockey & more is generally safe to use. 9 past CVEs were resolved. Keep it updated.

9 known CVEs · Last CVE: Oct 2, 2025 · Updated 23d ago
Risk Assessment

The "joomsport-sports-league-results-management" plugin version 5.7.5 presents a mixed security posture. While it demonstrates good practices in areas like SQL query preparation (74%) and output escaping (81%), and has no currently unpatched CVEs, significant concerns remain. The presence of 3 AJAX handlers without authentication checks and 2 high-severity taint flows are immediate red flags, indicating potential unauthorized access or data compromise. The substantial historical vulnerability record, including past critical issues like Remote File Inclusion, XSS, Missing Authorization, Deserialization, and SQL Injection, suggests a pattern of recurring security weaknesses that may not be fully addressed even with current patch status.

The static analysis reveals an attack surface with 33 entry points, 3 of which are unprotected, highlighting a direct risk of unauthorized actions. The use of dangerous functions like 'unserialize' without apparent safeguards in the taint analysis (2 high-severity flows) further exacerbates this risk, as it can lead to Remote Code Execution or Denial of Service if improperly handled user input is deserialized. Although the plugin has a considerable number of nonce and capability checks, the few missing ones on critical entry points are concerning. The vulnerability history, while showing no unpatched CVEs at present, indicates a past that is rife with serious vulnerabilities, requiring careful scrutiny of how these were remediated and if the underlying coding practices have fundamentally improved. Overall, while not in immediate critical danger due to lack of unpatched CVEs, the combination of unprotected entry points, high-severity taint flows, and a history of severe vulnerabilities warrants caution.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Dangerous function: unserialize
  • History of critical vulnerabilities
  • History of high vulnerabilities
  • History of medium vulnerabilities
Vulnerabilities
9

JoomSport – for Sports: Team & League, Football, Hockey & more Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2021: 1 CVE
2022: 3 CVEs
2024: 2 CVEs
2025: 2 CVEs

Severity Breakdown

Critical: 4
High: 3
Medium: 2

9 total CVEs

CVE-2025-7721 · critical · 9.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion

Oct 2, 2025 Patched in 5.7.4 (1d)

CVE-2024-12633 · high · 7.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JoomSport <= 5.6.17 - Reflected Cross-Site Scripting via page

Jan 6, 2025 Patched in 5.6.18 (1d)

CVE-2024-44031 · medium · 4.3 · Missing Authorization

JoomSport <= 5.6.3 - Missing Authorization

Sep 24, 2024 Patched in 5.6.4 (9d)

CVE-2024-43355 · medium · 4.3 · Missing Authorization

JoomSport <= 5.3.0 - Missing Authorization

Aug 16, 2024 Patched in 5.5.7 (4d)

CVE-2022-4050 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JoomSport <= 5.2.7 - Unauthenticated SQL Injection

Nov 28, 2022 Patched in 5.2.8 (421d)

CVE-2022-2717 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby

Aug 8, 2022 Patched in 5.2.6 (533d)

CVE-2022-2718 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby

Aug 8, 2022 Patched in 5.2.6 (533d)

CVE-2021-24384 · critical · 9.8 · Deserialization of Untrusted Data

JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.1.7 - Object Injection

Jun 8, 2021 Patched in 5.1.8 (959d)

CVE-2019-14348 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

JoomSport – for Sports: Team & League, Football, Hockey & more < 3.4 - SQL Injection

Jul 29, 2019 Patched in 3.4 (1639d)

Code Analysis
Analyzed Mar 16, 2026

JoomSport – for Sports: Team & League, Football, Hockey & more Code Analysis

Dangerous Functions: 16
Raw SQL Queries: 149 (416 prepared)
Unescaped Output: 575 (2512 escaped)
Nonce Checks: 79
Capability Checks: 36
File Operations: 1
External Requests: 0
Bundled Libraries: 2

Dangerous Functions Found

unserialize: $participiants = isset($group_partic) ? unserialize($group_partic):array(); (includes\helpers\joomsport-helper-objects.php:74)
unserialize: $metadata = isset($group->group_partic)? unserialize($group->group_partic):array(); (includes\helpers\joomsport-helper-objects.php:275)
unserialize: $groptions = isset($group->options)? unserialize($group->options):array(); (includes\helpers\joomsport-helper-objects.php:276)
unserialize: $metadata = unserialize($metas["_joomsport_match_general"][0]); (includes\helpers\js-helper-matches-db.php:51)
unserialize: $metadata = unserialize($metas["_joomsport_match_general"][0]); (includes\helpers\js-helper-matches-db.php:121)
unserialize: $participants_array = unserialize($group->group_partic); (includes\joomsport-actions.php:165)
unserialize: $groptions = unserialize($group->options); (includes\joomsport-actions.php:172)
unserialize: $options = unserialize($res[$intA]->meta_value); (includes\joomsport-upgrade.php:21)
unserialize: $options = unserialize($res[$intA]->option_value); (includes\joomsport-upgrade.php:42)
unserialize: $metadata = isset($group->group_partic)? unserialize($group->group_partic):array(); (includes\joomsport-widgets.php:166)
unserialize: $metadata = isset($group->group_partic)? unserialize($group->group_partic):array(); (includes\joomsport-widgets.php:522)
unserialize: $metadata = isset($group->group_partic)? unserialize($group->group_partic):array(); (includes\joomsport-widgets.php:802)
unserialize: $metadata2 = isset($groups[0]->group_partic)? unserialize($groups[0]->group_partic):array(); (includes\meta-boxes\joomsport-meta-team.php:542)
unserialize: $metadata = isset($group->group_partic)? unserialize($group->group_partic):array(); (includes\posts\joomsport-post-season.php:417)
unserialize: $grpart = isset($group->group_partic)? unserialize($group->group_partic):array(); (sportleague\base\wordpress\classes\class-jsport-getplayers.php:46)
unserialize: $partcipants = isset($group->group_partic)? unserialize($group->group_partic):array(); (sportleague\base\wordpress\classes\class-jsport-participant.php:35)

Bundled Libraries

jQuery, Select2

SQL Query Safety

74% prepared · 565 total queries

Output Escaping

81% escaped · 3087 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

25 flows · 3 with unsanitized paths
drop_meta_box (includes\taxonomies\joomsport-taxonomy-tournament.php:92)
Attack Surface
3 unprotected

JoomSport – for Sports: Team & League, Football, Hockey & more Attack Surface

Entry Points: 33
Unprotected: 3

AJAX Handlers 27

auth wp_ajax_joomsport_order_matchdays (includes\joomsport-actions.php:17)
auth wp_ajax_joomsport_demo_ttype (includes\joomsport-setup-demo.php:96)
auth wp_ajax_getsubsevent (includes\posts\joomsport-post-match.php:19)
auth wp_ajax_livematch_score (includes\posts\joomsport-post-match.php:20)
auth wp_ajax_player_seasonrelated (includes\posts\joomsport-post-player.php:21)
auth wp_ajax_season_parentseas (includes\posts\joomsport-post-season.php:21)
auth wp_ajax_season_groupedit (includes\posts\joomsport-post-season.php:22)
auth wp_ajax_season_genermodal (includes\posts\joomsport-post-season.php:23)
auth wp_ajax_season_grouplist (includes\posts\joomsport-post-season.php:24)
auth wp_ajax_season_groupdel (includes\posts\joomsport-post-season.php:25)
auth wp_ajax_season_tournamentmodal (includes\posts\joomsport-post-season.php:26)
auth wp_ajax_joomsport_standings_shortcode (includes\posts\joomsport-post-season.php:29)
auth wp_ajax_joomsport_group_shortcode (includes\posts\joomsport-post-season.php:30)
auth wp_ajax_joomsport_grouppart_shortcode (includes\posts\joomsport-post-season.php:31)
auth wp_ajax_joomsport_matches_shortcode (includes\posts\joomsport-post-season.php:32)
auth wp_ajax_joomsport_plstat_shortcode (includes\posts\joomsport-post-season.php:33)
auth wp_ajax_joomsport_matchday_shortcode (includes\posts\joomsport-post-season.php:34)
auth wp_ajax_joomsport_matchdaylist_shortcode (includes\posts\joomsport-post-season.php:35)
auth wp_ajax_joomsport_playerlist_shortcode (includes\posts\joomsport-post-season.php:36)
auth wp_ajax_joomsport_md_load (includes\posts\joomsport-post-season.php:37)
nopriv wp_ajax_joomsport_md_load (includes\posts\joomsport-post-season.php:38)
auth wp_ajax_joomsport_teamstat_shortcode (includes\posts\joomsport-post-season.php:40)
auth wp_ajax_joomsport_livematches_shortcode (includes\posts\joomsport-post-season.php:41)
auth wp_ajax_create_tlslider (includes\posts\joomsport-post-season.php:43)
auth wp_ajax_team_seasonrelated (includes\posts\joomsport-post-team.php:21)
auth wp_ajax_mday_savematch (includes\taxonomies\joomsport-taxonomy-matchday.php:65)
auth wp_ajax_mday_saveknock (includes\taxonomies\joomsport-taxonomy-matchday.php:66)

Shortcodes 6

[jsStandings] includes\joomsport-shortcodes.php:12
[jsMatches] includes\joomsport-shortcodes.php:13
[jsPlayerStat] includes\joomsport-shortcodes.php:14
[jsMatchDayStat] includes\joomsport-shortcodes.php:15
[jsMatchPlayerList] includes\joomsport-shortcodes.php:16
[jsTeamStat] includes\joomsport-shortcodes.php:17

WordPress Hooks 111

action admin_enqueue_scripts (includes\3d\gallery-metabox-master\gallery.php:14)
action add_meta_boxes (includes\3d\gallery-metabox-master\gallery.php:30)
action save_post (includes\3d\gallery-metabox-master\gallery.php:72)
filter posts_orderby (includes\classes\matchday_types\joomsport-class-matchday-round.php:56)
action joomsport_update_standings (includes\joomsport-actions.php:10)
action joomsport_update_playerlist (includes\joomsport-actions.php:11)
action joomsport_calculate_boxscore (includes\joomsport-actions.php:12)
action wp_head (includes\joomsport-actions.php:13)
action wp_enqueue_scripts (includes\joomsport-actions.php:14)
action joomsport_pull_match (includes\joomsport-actions.php:15)
filter jsblock_career_fields_selected (includes\joomsport-actions.php:2080)
filter pllist_order_sport (includes\joomsport-actions.php:2148)
action admin_menu (includes\joomsport-admin-install.php:31)
action admin_enqueue_scripts (includes\joomsport-admin-install.php:34)
action admin_enqueue_scripts (includes\joomsport-admin-install.php:121)
action admin_enqueue_scripts (includes\joomsport-admin-install.php:122)
action init (includes\joomsport-admin-install.php:705)
action wp_enqueue_scripts (includes\joomsport-admin-install.php:706)
filter custom_menu_order (includes\joomsport-admin-install.php:707)
action admin_head (includes\joomsport-admin-install.php:777)
action after_setup_theme (includes\joomsport-admin-install.php:778)
filter parent_file (includes\joomsport-admin-install.php:862)
action init (includes\joomsport-admin-install.php:865)
filter wp_kses_allowed_html (includes\joomsport-admin-install.php:889)
filter auto_update_plugin (includes\joomsport-admin-install.php:899)
action delete_post (includes\joomsport-delete.php:10)
action pre_delete_term (includes\joomsport-delete.php:11)
action pre_delete_term (includes\joomsport-delete.php:12)
action after-joomsport_matchday-table (includes\joomsport-delete.php:13)
filter the_title (includes\joomsport-permalink.php:10)
filter document_title_parts (includes\joomsport-permalink.php:55)
filter pre_get_document_title (includes\joomsport-permalink.php:109)
filter post_thumbnail_html (includes\joomsport-permalink.php:134)
filter has_post_thumbnail (includes\joomsport-permalink.php:150)
filter wp_insert_post_data (includes\joomsport-permalink.php:180)
action init (includes\joomsport-post-types.php:11)
action init (includes\joomsport-post-types.php:12)
action admin_menu (includes\joomsport-setup-demo.php:22)
action init (includes\joomsport-setup-demo.php:95)
filter mce_external_plugins (includes\joomsport-shortcodes.php:19)
filter mce_buttons (includes\joomsport-shortcodes.php:20)
action parse_request (includes\joomsport-templates.php:12)
filter the_content (includes\joomsport-templates.php:13)
filter template_include (includes\joomsport-templates.php:14)
action pre_get_posts (includes\joomsport-user-rights.php:397)
action admin_notices (includes\joomsport-user-rights.php:430)
action load-post-new.php (includes\joomsport-user-rights.php:431)
filter user_has_cap (includes\joomsport-user-rights.php:454)
action widgets_init (includes\joomsport-widgets.php:1052)
action load-edit-tags.php (includes\meta-boxes\joomsport-meta-matchday.php:172)
filter screen_settings (includes\meta-boxes\joomsport-meta-matchday.php:188)
action admin_head (includes\meta-boxes\joomsport-meta-matchday.php:190)
filter get_terms_args (includes\meta-boxes\joomsport-meta-matchday.php:309)
filter get_terms_args (includes\meta-boxes\joomsport-meta-matchday.php:345)
filter manage_edit-joomsport_season_columns (includes\meta-boxes\joomsport-meta-season.php:1133)
action manage_joomsport_season_posts_custom_column (includes\meta-boxes\joomsport-meta-season.php:1134)
filter set-screen-option (includes\moderator\joomsport-moder-mday.php:134)
filter set-screen-option (includes\pages\joomsport-page-boxfields.php:211)
filter set-screen-option (includes\pages\joomsport-page-events.php:197)
filter set-screen-option (includes\pages\joomsport-page-extrafields.php:211)
filter set-screen-option (includes\pages\joomsport-page-sports.php:194)
filter set-screen-option (includes\pages\joomsport-page-stages.php:171)
action admin_init (includes\posts\joomsport-post-match.php:17)
action edit_form_after_title (includes\posts\joomsport-post-match.php:18)
action edit_form_top (includes\posts\joomsport-post-match.php:72)
action save_post (includes\posts\joomsport-post-match.php:117)
action admin_init (includes\posts\joomsport-post-person.php:18)
action edit_form_after_title (includes\posts\joomsport-post-person.php:19)
action save_post (includes\posts\joomsport-post-person.php:77)
action admin_init (includes\posts\joomsport-post-player.php:18)
action edit_form_after_title (includes\posts\joomsport-post-player.php:19)
action admin_footer (includes\posts\joomsport-post-player.php:20)
action save_post (includes\posts\joomsport-post-player.php:102)
action admin_init (includes\posts\joomsport-post-season.php:18)
action edit_form_after_title (includes\posts\joomsport-post-season.php:19)
action admin_footer (includes\posts\joomsport-post-season.php:20)
action admin_print_scripts-post-new.php (includes\posts\joomsport-post-season.php:27)
action admin_print_scripts-edit-tags.php (includes\posts\joomsport-post-season.php:28)
action save_post (includes\posts\joomsport-post-season.php:118)
action wp_trash_post (includes\posts\joomsport-post-season.php:1048)
filter wp_unique_post_slug (includes\posts\joomsport-post-season.php:1088)
action admin_init (includes\posts\joomsport-post-team.php:18)
action edit_form_after_title (includes\posts\joomsport-post-team.php:19)
action admin_footer (includes\posts\joomsport-post-team.php:20)
filter post_type_labels_joomsport_team (includes\posts\joomsport-post-team.php:22)
action save_post (includes\posts\joomsport-post-team.php:109)
action admin_init (includes\posts\joomsport-post-venue.php:19)
action edit_form_after_title (includes\posts\joomsport-post-venue.php:20)
action save_post (includes\posts\joomsport-post-venue.php:78)
action add_meta_boxes (includes\taxonomies\joomsport-taxonomy-club.php:51)
action save_post (includes\taxonomies\joomsport-taxonomy-club.php:52)
action add_meta_boxes (includes\taxonomies\joomsport-taxonomy-matchday.php:54)
action save_post (includes\taxonomies\joomsport-taxonomy-matchday.php:55)
filter manage_edit-joomsport_matchday_columns (includes\taxonomies\joomsport-taxonomy-matchday.php:58)
action manage_joomsport_matchday_custom_column (includes\taxonomies\joomsport-taxonomy-matchday.php:59)
action joomsport_matchday_edit_form_fields (includes\taxonomies\joomsport-taxonomy-matchday.php:60)
action joomsport_matchday_add_form_fields (includes\taxonomies\joomsport-taxonomy-matchday.php:61)
action edited_joomsport_matchday (includes\taxonomies\joomsport-taxonomy-matchday.php:62)
action created_joomsport_matchday (includes\taxonomies\joomsport-taxonomy-matchday.php:63)
filter get_terms_orderby (includes\taxonomies\joomsport-taxonomy-matchday.php:195)
action add_meta_boxes (includes\taxonomies\joomsport-taxonomy-personcategory.php:51)
action save_post (includes\taxonomies\joomsport-taxonomy-personcategory.php:52)
action add_meta_boxes (includes\taxonomies\joomsport-taxonomy-tournament.php:56)
action save_post (includes\taxonomies\joomsport-taxonomy-tournament.php:57)
filter manage_edit-joomsport_tournament_columns (includes\taxonomies\joomsport-taxonomy-tournament.php:60)
action manage_joomsport_tournament_custom_column (includes\taxonomies\joomsport-taxonomy-tournament.php:61)
action joomsport_tournament_edit_form_fields (includes\taxonomies\joomsport-taxonomy-tournament.php:62)
action joomsport_tournament_add_form_fields (includes\taxonomies\joomsport-taxonomy-tournament.php:63)
action edited_joomsport_tournament (includes\taxonomies\joomsport-taxonomy-tournament.php:64)
action created_joomsport_tournament (includes\taxonomies\joomsport-taxonomy-tournament.php:65)
action activated_plugin (joomsport.php:69)
Maintenance & Trust

JoomSport – for Sports: Team & League, Football, Hockey & more Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 11, 2026
PHP min version: 7.0
Downloads: 112K

Community Trust

Rating: 98/100
Number of ratings: 44
Active installs: 1K
Developer Profile

JoomSport – for Sports: Team & League, Football, Hockey & more Developer Profile

beardev

3 plugins · 1K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 456 days
Detection Fingerprints

How We Detect JoomSport – for Sports: Team & League, Football, Hockey & more

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/joomsport-sports-league-results-management/includes/3d/gallery-metabox-master/css/gallery-metabox.css
/wp-content/plugins/joomsport-sports-league-results-management/includes/3d/gallery-metabox-master/js/gallery-metabox.js
/wp-content/plugins/joomsport-sports-league-results-management/sportleague/assets/js/joomsport_live.js
Script Paths
/wp-content/plugins/joomsport-sports-league-results-management/includes/3d/gallery-metabox-master/js/gallery-metabox.js
/wp-content/plugins/joomsport-sports-league-results-management/sportleague/assets/js/joomsport_live.js
Version Parameters
joomsport-sports-league-results-management/style.css?ver=
gallery-metabox?ver=
jsjoomsportlivemacthes?ver=

HTML / DOM Fingerprints

CSS Classes
gallery-add, gallery-metabox-list, image-preview, remove-image
Data Attributes
data-uploader-title, data-uploader-button-text
JS Globals
ajaxurl, jslAjax