[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fk_20IsHEw5mkUeWwEd3VA17g8sUFSUUy5vHntbG7dBo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":72,"crawl_stats":37,"alternatives":80,"analysis":160,"fingerprints":607},"team-rosters","Team Rosters","4.8.2","Mark O'Donnell","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkodonnell\u002F","\u003Cp>The MSTW Team Rosters plugin manages rosters for multiple sports teams. It provides roster tables with built-in formats for high school, college, and professional teams as well as custom roster formats for baseball. Admins can repurpose data fields by re-labeling them, so rosters can be used for Office Directories, for example. See the \u003Ca href=\"http:\u002F\u002Fdev.shoalsummitsolutions.com\" rel=\"nofollow ugc\">MSTW Plugin Development Site\u003C\u002Fa> for examples.\u003C\u002Fp>\n\u003Cp>Players are assigned to team rosters using a Teams custom taxonomy. These taxonomies may now be linked to the MSTW Schedules & Scoreboards teams database, and the Team Rosters plugin can pull information on teams, such as their logos and colors, from that plugin.\u003C\u002Fp>\n\u003Cp>The plugin supports as many players and teams as needed. It provides several views of rosters including: a table (via a shortcode), a player gallery (via both a shortcode and a custom taxonomy template), and single player bio (via a custom post type template). Samples of all of the above displays are available in the screenshots on WordPress.org and on the \u003Ca href=\"http:\u002F\u002Fshoalsummitsolutions.com\u002Fdev\" rel=\"nofollow ugc\">Shoal Summit Solutions Plugin Development Site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>[The complete users manual is available at] (http:\u002F\u002Fshoalsummitsolutions.com\u002Fcategory\u002Fusers-manuals\u002Ftr-plugin\u002F)\u003C\u002Fp>\n\u003Ch3>Usage Notes\u003C\u002Fh3>\n\u003Cp>\u003Cem>I suggest that you use the test pages on \u003Ca href=\"http:\u002F\u002Fshoalsummitsolutions.com\u002Fdev\" rel=\"nofollow ugc\">the MSTW Plugin Development Site\u003C\u002Fa> as guides to what works and what doesn’t.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"http:\u002F\u002Fshoalsummitsolutions.com\u002Ftr-usage-notes\u002F\" rel=\"nofollow ugc\">Other Usage Notes\u003C\u002Fa> are available on shoalsummitsolutions.com.\u003C\u002Fp>\n\u003Ch3>4.8.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed problems with the single player profile created by the security fixes. \u003Ca href=\"http:\u002F\u002Fshoalsummitsolutions.com\u002Ftr-customizing\" rel=\"nofollow ugc\">See the Customizing the Team Rosters Plugin in the users manuals.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>4.8.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Re-corrected security issues identified by the WordPress team.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.8\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Corrected a security issues identified by the WordPress team\u003C\u002Fli>\n\u003Cli>Added a .pot file in the \u002Flang directory so the plugin is now translatable.\u003C\u002Fli>\n\u003Cli>Tested on PHP 8.2.23 and WP 6.7.2. \u003C\u002Fli>\n\u003Cli>Cleaned up more annoying PHP 8 warnings on new shoalsummitsolutions.com.\u003C\u002Fli>\n\u003Cli>No significant functional or performance changes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.7\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Tested on PHP version 8.2.23 & WordPress 6.7.1\u003C\u002Fli>\n\u003Cli>Cleaned up some minor code issues.\u003C\u002Fli>\n\u003Cli>No functional or performance changes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.6\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added new capability to customize the order of the fields\u002Fcolumns in roster tables (in addition to labels and visibility).\u003C\u002Fli>\n\u003Cli>Fixed issue which prevented player profiles for players on multiple teams from displaying correctly. Note this is only an issue if a site has a single player on multiple teams.\u003C\u002Fli>\n\u003Cli>Major improvements in player gallery responsiveness to the default fields\u002Fcolumns & color settings, combined with shortcode arguments. \u003C\u002Fli>\n\u003Cli>The gallery page (WP taxonomy) now accepts arguments.\u003C\u002Fli>\n\u003Cli>The single player template now responds correctly to the combined settings and shortcode args (passed to it).\u003C\u002Fli>\n\u003Cli>Re-tested CSV import (more CSV features coming in planned releases)\u003C\u002Fli>\n\u003Cli>Created a new POEdit Template for I18N (Internationalization & translation) support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.5\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added color settings for the team rosters 2 shortcode [mstw-tr-roster-2].\u003C\u002Fli>\n\u003Cli>Added field settings for the team rosters 2 shortcode [mstw-tr-roster-2].\u003C\u002Fli>\n\u003Cli>Added ‘roster_type’ settings for the 3 data fields in the team rosters 2 shortcode. \u003C\u002Fli>\n\u003Cli>Re-tested the color and field settings for all shortcodes. \u003C\u002Fli>\n\u003Cli>Removed the PHP each() function which has been removed from PHP 8.0.\u003C\u002Fli>\n\u003Cli>Fixed a couple of bugs with the bio page colors in the Settings admin page.\u003C\u002Fli>\n\u003Cli>Corrected a bug with the player bio page layout(template) which caused problems on some, but not all, websites.\u003C\u002Fli>\n\u003Cli>Corrected bug with roster table sort by number.\u003C\u002Fli>\n\u003Cli>Changed handling of height & weight columns. When both are displayed, they are now combined into one column.\u003C\u002Fli>\n\u003Cli>Changed the default color scheme of all shortcode displays\u003C\u002Fli>\n\u003Cli>Roster tables now sort correctly by number and name.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.4\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added new mstw_tr_roster_2 shortcode.\u003C\u002Fli>\n\u003Cli>Added new “long format” for the position field, so a player can have a postion of QB and a long format position of Quarterback. In this release, the long format is used only in the mstw_tr_roster_2 shortcode display.\u003C\u002Fli>\n\u003Cli>Re-designed the player profile\u002Fbio page to make it (much more) responsive.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.3\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fixed link to the plugin’s settings page from the Plugins admin page.\u003C\u002Fli>\n\u003Cli>Added a dropdown menu to the single player page that allows the user to access all players on a given team.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow user to sort roster tables by number and name on the front end.\u003C\u002Fli>\n\u003Cli>Fixed bug that prevented showing players by last name (only).\u003C\u002Fli>\n\u003Cli>Minor stylesheet cleanup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.1.4\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fixed bug with settings. Should be able to always save them now without PHP warnings.\u003C\u002Fli>\n\u003Cli>Removed call to get_screen_icon(). screen_icon() has been removed from WP core.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.1.3\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added mstw_tr_get_teams_list to allow MSTW League Manager to link rosters to teams.\u003C\u002Fli>\n\u003Cli>Removed add_meta_boxes_mstw_lm_team action to eliminate PHP warnings. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.1.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fixed a bug that prevented the Edit Rosters screen from saving any data.\u003C\u002Fli>\n\u003Cli>Customizations to labels in the Data Fields & Columns settings tab are now reflected on the appropriate admin screens, in addition to the front end displays.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.1.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fixed a couple of installation bugs. No new functionality.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added new admin screen to add players to rosters “in bulk” (paginated, 20 at a time).\u003C\u002Fli>\n\u003Cli>Added a new admin screen to edit players on a team “in bulk” (20 at a time).\u003C\u002Fli>\n\u003Cli>Added the capability to link the teams in Team Rosters to teams in the MSTW League Manager plugin, in addition to the MSTW Schedules & Scoreboards plugin. Team logos are pulled from the selected database when the display settings call for it. (Team Colors are available only in S&S currently, but that will be addressed in the next League Manager release.)\u003C\u002Fli>\n\u003Cli>Added a Quick Start admin screen.\u003C\u002Fli>\n\u003Cli>Added context sensitive help to all admin screens.\u003C\u002Fli>\n\u003Cli>Finally squashed the dastardly bug that ‘broke’ Featured Images (thumbnails) for posts in SOME THEMES. (I believe. Please let me know if you see this behavior again.)\u003C\u002Fli>\n\u003Cli>Corrected a bug that prevented “sort roster by number” from working in certain circumstances.\u003C\u002Fli>\n\u003Cli>Corrected a bug that prevented the CSV Import screen from using the team selected in the “Select Team to Import” control.\u003C\u002Fli>\n\u003Cli>Moved translation (internationalization) to [WordPress’s new “PolyGlots” system] (https:\u002F\u002Ftranslate.wordpress.org\u002F), and removed the \u002Flang\u002F directory from the plugin itself.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.0.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Made the mstw_tr_player Custom Post Type searchable\u003C\u002Fli>\n\u003Cli>Corrected a bug that caused local files to be copied into the Media Library when importing players from a CSV file and the Move Photos checkbox was not checked on the CSV Import screen.\u003C\u002Fli>\n\u003Cli>Added a sample CSV file for Teams import to the \u002Fcsv-examples directory.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.0.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Corrected a bug in display of ‘B’ hitters.\u003C\u002Fli>\n\u003Cli>Corrected a bug in the CSV importer that prevented the bats and throws columns created by MSTW CSV Exporter to import correctly.\u003C\u002Fli>\n\u003Cli>Removed a PHP warning from several front end displays.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Access controls for MSTW Admin, MSTW Team Rosters Admin, and Team Admins.\u003C\u002Fli>\n\u003Cli>New data fields for the team taxonomy to integrate with MSTW Schedules & Scoreboards Teams database\u003C\u002Fli>\n\u003Cli>Completely re-wrote the settings screen – organized with tabs and added help screens\u003C\u002Fli>\n\u003Cli>Re-orgainized Edit Player screen\u003C\u002Fli>\n\u003Cli>Added field to link Team taxonomy to MSTW Schedules & Scoreboards Teams DB\u003C\u002Fli>\n\u003Cli>Corrected the display of height\u002Fweight in the single-player.php template\u003C\u002Fli>\n\u003Cli>Cleaned up WP internationalization\u002Ftranslation. Domain was changed from mstw-loc-domain to mstw-team-rosters.\u003C\u002Fli>\n\u003Cli>Changed Custom Post Type & Taxonomy names to reduce the possibility of name collisions with themes and other plugins. THIS HAS A MAJOR IMPACT ON UPGRADES FROM PREVIOUS VERSIONS. READ HOW TO DO IT RIGHT HERE.\u003C\u002Fli>\n\u003Cli>Uses the single-player.php and taxonomy-team.php templates from the plugin’s \u002Ftheme-templates directory so the template no longer needs to be copied to the theme’s (or child theme’s) directory. But they can be moved to the main theme (or child theme) directory if desired. The plugin looks for them there first.\u003C\u002Fli>\n\u003Cli>The plugin’s stylesheet (\u002Fcss\u002Fmstw-tr-styles.css) no longer needs to be modified. One can create custom styles in the mstw-tr-custom-styles.css sytlesheet in the theme’s (or child theme’s) main directory. It will be loaded AFTER the plugin’s stylesheet in the plugin’s \u002Fcss directory, so mstw-tr-custom-styles.css will have the highest priory in the plugin’s style cascade.\u003C\u002Fli>\n\u003Cli>Added a setting to control the addition of links to single player profile pages from the player names in roster tables \u003C\u002Fli>\n\u003Cli>Integrated mstw_utility_functions – removed old mstw-admin-utils.php \u003C\u002Fli>\n\u003Cli>Added if ( !function_exists( ‘function_name’ ) ) wrappers to all include files\u003C\u002Fli>\n\u003Cli>The problem with filtering the All Players admin screen by Team MAY BE corrected. This bug only appeared on a few installations, so it’s difficult to test. If it rears its ugly head on your site, the first thing to try is to deactivate all other plugins, including any other MSTW plugins, and re-activate them one by one. Please let me know, and I’ll work with you to fix it.\u003C\u002Fli>\n\u003Cli>Cleaned up many details in admin UI\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3.1.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fixed a bug (a typo) that prevented the team gallery shortcode from behaving correctly.\u003C\u002Fli>\n\u003Cli>Fixed bug with the show\u002Fhide table title setting – titles could not be hidden with the display setting. Corrected and tested.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3.1.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fixed bug that prevented links to single player profiles from working with CHILD THEMES. If you aren’t using a CHILD THEME, you don’t need this patch.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fixed bug with sort order. Roster table and player gallery views both sort properly by number, first name, and last name.\u003C\u002Fli>\n\u003Cli>Fixed bug with show_height settings.\u003C\u002Fli>\n\u003Cli>Fixed minor bug: gallery sometimes linked to players\u002Fplayer-slug\u002F?format=” instead of players\u002Fplayer-slug\u002F?format=custom. This bug may or may not have an affect on a site, depending on formats and usage.\u003C\u002Fli>\n\u003Cli>Fixed the “Filter by Team” dropdown on the Show All Players admin screen. \u003C\u002Fli>\n\u003Cli>Re-enabled the bulk delete menu on the All Players screen.\u003C\u002Fli>\n\u003Cli>Enabled the “Other” field. It may now be used on all ‘custom’ displays but it is disabled by default.\u003C\u002Fli>\n\u003Cli>Improved responsiveness of single player profile page (single-player.php). Looks better on small screens.\u003C\u002Fli>\n\u003Cli>Combined \u003Ccode>single-player.php\u003C\u002Fcode> and \u003Ccode>content-single-player.php\u003C\u002Fcode> templates (into the \u003Ccode>single-player.php\u003C\u002Fcode> template. Why? …\u003C\u002Fli>\n\u003Cli>The use of links from the players\u002Froster gallery or players\u002Froster table to the single player profile is now determined by the existence of the \u003Ccode>single-player.php\u003C\u002Fcode> template in the active theme’s main directory. Removed the ‘use_xxx-links’ settings, which are now superfluous. If you want links, just put the \u003Ccode>single-player.php\u003C\u002Fcode> template in the right directory. If not, omit it.\u003C\u002Fli>\n\u003Cli>Re-factored the admin menu code. Added MSTW icon to admin menu and screens.\u003C\u002Fli>\n\u003Cli>The WordPress Color Selector has been added to all color settings in the admin settings screen.\u003C\u002Fli>\n\u003Cli>Added a control to show player photos in the roster tables (shortcode).\u003C\u002Fli>\n\u003Cli>Added a gallery shortcode. [mstw-tr-gallery team=team-slug]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3.0.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Tweaked two calls (one in mstw-team-rosters.php and one in includes\u002Fmstw-team-rosters-admin.php) to prevent WARNINGS. (Easily fixed by setting WP_DEBUG to false in wp-config.php.) \u003C\u002Fli>\n\u003Cli>Restructured the include files (filenames and function calls) to prevent conflicts with other MSTW plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added a filter by team to the “All Players” table on the admin screen (screenshot-1).\u003C\u002Fli>\n\u003Cli>Added ability to configure table columns and data fields to meet specific application requirements. Show\u002Fhide all columns (except Player Name) and change the header\u002Flabel of all columns and data fields. \u003C\u002Fli>\n\u003Cli>Provided additional color settings on the Display Settings admin screen, and refactored the code to improve performance.\u003C\u002Fli>\n\u003Cli>Added the new WordPress Color Selector to the Display Settings admin screen.\u003C\u002Fli>\n\u003Cli>Added more CSS tags the display code to allow any team’s rosters to be uniquely styled via the plugin’s stylesheet. \u003C\u002Fli>\n\u003Cli>Added player name format control to the Display Settings admin screen. Several formats are available, perhaps most importantly a first name only format is now available to address privacy concerns with young players.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Re-factored the featured image (thumbnail) activation code to avoid conflicts with another plugin. (Thanks, Razz.)\u003C\u002Fli>\n\u003Cli>In the process, modified the theme settings so that the player photo width and height settings would always be honored. The default remains 150x150px regardless of how the thumbnail sizes are set in the theme.\u003C\u002Fli>\n\u003Cli>Corrected another conflict with some themes due to my horrible choice of the function name – my_get_posts(). Shame on me … it’s now mstw_tr_get_posts(). Doh!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.0.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One include file was omitted from the build. That file is only needed for the CSV import function, which won’t run without it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added the ability to import rosters from CSV files\u003C\u002Fli>\n\u003Cli>Actived the Featured Image metabox on the add\u002Fedit page for players (player custom post type). Standard WordPress “Featured Images” are used for the player photos in the single player and player gallery pages.\u003C\u002Fli>\n\u003Cli>Added admin setting to hide player weights\u003C\u002Fli>\n\u003Cli>Added the ability to set the player photo size on the plugin settings page.\u003C\u002Fli>\n\u003Cli>Added three new formats for baseball: baseball-high-school, baseball-college, baseball-pro\u003C\u002Fli>\n\u003Cli>Cleaned up misc error checking and file\u002Ffunction includes to prevent conflicts with other plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Added the “Player Gallery” view of a roster\u003C\u002Fli>\n\u003Cli>Added admin settings for the sort order to allow numerical rosters in both the table [shortcode] and the player gallery.\u003C\u002Fli>\n\u003Cli>Added admin settings to enable or disable links from both the table view [shortcode] and the player gallery to the single player pages.\u003C\u002Fli>\n\u003Cli>Added an admin setting to control the title of the “Player Bio” content box on the single player view. By default, it is “Player Bio”.\u003C\u002Fli>\n\u003Cli>Added fields to the player post type so that no field serves different purposes in different views [high-school|college|pro]. Note that not every field is used in every views and many fields are used in multiple views. However, every field now has one and only one meaning.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Initial release.\u003C\u002Fli>\n\u003C\u002Ful>\n","Manages multiple team rosters. Creates roster tables, player galleries, and player profile pages.",200,35207,96,20,"2025-08-28T01:30:00.000Z","6.8.5","3.4.2","5.6",[20,21,22,4,23],"players","rosters","sports","teams","http:\u002F\u002Fshoalsummitsolutions.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fteam-rosters.4.8.2.zip",72,3,1,"2025-04-02 00:00:00","2026-03-15T15:16:48.613Z",[32,48,58],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-31905","team-rosters-reflected-cross-site-scripting","Team Rosters \u003C= 4.7 - Reflected Cross-Site Scripting","The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=4.7","4.8","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-08-28 15:51:39",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4f7fa392-e192-40db-9275-6da668d5a493?source=api-prod",149,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":53,"updated_date":54,"references":55,"days_to_patch":57},"CVE-2024-12320","team-rosters-reflected-cross-site-scripting-via-tab","Team Rosters \u003C= 4.7 - Reflected Cross-Site Scripting via 'tab'","The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","2025-01-30 00:40:54","2025-08-28 15:51:26",[56],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F86b85505-8cae-4607-a645-5b127f6f37e7?source=api-prod",211,{"id":59,"url_slug":60,"title":61,"description":62,"plugin_slug":4,"theme_slug":37,"affected_versions":63,"patched_in_version":37,"severity":64,"cvss_score":65,"cvss_vector":66,"vuln_type":67,"published_date":68,"updated_date":69,"references":70,"days_to_patch":37},"CVE-2024-52439","team-rosters-unauthenticated-php-object-injection","Team Rosters \u003C= 4.8.2 - Unauthenticated PHP Object Injection","The Team Rosters plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.8.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","\u003C=4.8.2","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2024-11-18 00:00:00","2025-08-28 15:50:58",[71],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F311636d5-e990-4cdd-af1c-8b9610afa73e?source=api-prod",{"slug":73,"display_name":7,"profile_url":8,"plugin_count":74,"total_installs":75,"avg_security_score":76,"avg_patch_time_days":77,"trust_score":78,"computed_at":79},"markodonnell",7,550,84,158,68,"2026-04-04T05:53:35.595Z",[81,103,116,127,150],{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":100,"download_link":101,"security_score":102,"vuln_count":91,"unpatched_count":91,"last_vuln_date":37,"fetched_at":30},"sportspress-for-soccer","SportsPress for Football (Soccer)","0.9.6","ThemeBoy","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeboy\u002F","\u003Ch4>Create a Professional Football Club Website\u003C\u002Fh4>\n\u003Cp>Transform your WordPress blog into a fully configurable website for your football club. Features a suite of football tools including soccer admin branding and own goals reporting.\u003C\u002Fp>\n\u003Cp>SportsPress for Football is currently in Beta. Please feel free to share your feedback with us so we can continue to develop and improve SportsPress for Football!\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FH-9CJ_UwSvw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Soccer Admin Branding to replace the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsportspress\u002F\" rel=\"ugc\">SportsPress\u003C\u002Fa> icon with a football\u003C\u002Fli>\n\u003Cli>Schedule Matches (Fixtures & Results)\u003C\u002Fli>\n\u003Cli>Football Field Information & Maps\u003C\u002Fli>\n\u003Cli>Own Goals Reporting with red football icon\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SportsPress Pro\u003C\u002Fh4>\n\u003Cp>Looking for more advanced football functionality? Upgrade to \u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fpro\" rel=\"nofollow ugc\">SportsPress Pro\u003C\u002Fa> to get access to more advanced features for your football club website.\u003C\u002Fp>\n\u003Ch4>SportsPress Themes for Clubs\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fcourtside\" rel=\"nofollow ugc\">Courtside\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Ffc\" rel=\"nofollow ugc\">Football Club\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fpremier\" rel=\"nofollow ugc\">Premier\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Femblem\" rel=\"nofollow ugc\">Emblem\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fmarquee\" rel=\"nofollow ugc\">Marquee\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Please Rate, Vote, and Enjoy!\u003C\u002Fh4>\n\u003Cp>Your feedback is much appreciated and makes all the difference in improving SportsPress for Football.\u003C\u002Fp>\n","SportsPress for Football is an extension for SportsPress, an all-in-one sports data plugin that helps sports clubs set up a football website.",6000,103714,0,"2020-08-27T14:48:00.000Z","5.5.18","3.8","",[20,97,22,98,99],"sport","statistics","stats","http:\u002F\u002Fthemeboy.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsportspress-for-soccer.0.9.6.zip",85,{"slug":104,"name":105,"version":106,"author":85,"author_profile":86,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":114,"homepage":100,"download_link":115,"security_score":102,"vuln_count":91,"unpatched_count":91,"last_vuln_date":37,"fetched_at":30},"sportspress-for-baseball","SportsPress for Baseball","1.0.2","\u003Ch4>Create a Professional Baseball Team Website\u003C\u002Fh4>\n\u003Cp>Transform your WordPress blog into a fully configurable website for your baseball team. Features a suite of baseball tools including baseball admin branding and own goals reporting.\u003C\u002Fp>\n\u003Cp>SportsPress for Baseball is currently in Beta. Please feel free to share your feedback with us so we can continue to develop and improve SportsPress for Baseball!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Baseball Admin Branding to replace the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsportspress\u002F\" rel=\"ugc\">SportsPress\u003C\u002Fa> icon with a baseball\u003C\u002Fli>\n\u003Cli>Display Accurate IP Statistics with Partial Innings using Decimal Notation\u003C\u002Fli>\n\u003Cli>Schedule Games with Pitching & Batting Stats\u003C\u002Fli>\n\u003Cli>Baseball Field Information & Maps\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SportsPress Pro\u003C\u002Fh4>\n\u003Cp>Looking for more advanced baseball functionality? Upgrade to \u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fpro\" rel=\"nofollow ugc\">SportsPress Pro\u003C\u002Fa> to get access to more advanced features for your baseball team website.\u003C\u002Fp>\n\u003Ch4>SportsPress Themes for Teams\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fcourtside\" rel=\"nofollow ugc\">Courtside\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Ffc\" rel=\"nofollow ugc\">Football Club\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fpremier\" rel=\"nofollow ugc\">Premier\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Femblem\" rel=\"nofollow ugc\">Emblem\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fmarquee\" rel=\"nofollow ugc\">Marquee\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Please Rate, Vote, and Enjoy!\u003C\u002Fh4>\n\u003Cp>Your feedback is much appreciated and makes all the difference in improving SportsPress for Baseball.\u003C\u002Fp>\n","SportsPress for Baseball is an extension for SportsPress, an all-in-one sports data plugin that helps sports teams set up a baseball website.",1000,15522,90,2,"2020-08-27T14:47:00.000Z",[20,97,22,98,99],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsportspress-for-baseball.1.0.2.zip",{"slug":117,"name":118,"version":119,"author":85,"author_profile":86,"description":120,"short_description":121,"active_installs":109,"downloaded":122,"rating":91,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":123,"homepage":100,"download_link":126,"security_score":102,"vuln_count":91,"unpatched_count":91,"last_vuln_date":37,"fetched_at":30},"sportspress-for-basketball","SportsPress for Basketball","0.9.1","\u003Ch4>Create a Professional Basketball Team Website\u003C\u002Fh4>\n\u003Cp>Transform your WordPress blog into a fully configurable website for your basketball team. Features a suite of basketball tools including basketball admin branding.\u003C\u002Fp>\n\u003Cp>SportsPress for Basketball is currently in Beta. Please feel free to share your feedback with us so we can continue to develop and improve SportsPress for Basketball!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Basketball Admin Branding to replace the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsportspress\u002F\" rel=\"ugc\">SportsPress\u003C\u002Fa> icon with a basketball\u003C\u002Fli>\n\u003Cli>Schedule Games (Fixtures & Results)\u003C\u002Fli>\n\u003Cli>Basketball Court Information & Maps\u003C\u002Fli>\n\u003Cli>Starting lineup and bench.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SportsPress Pro\u003C\u002Fh4>\n\u003Cp>Looking for more advanced basketball functionality? Upgrade to \u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fpro\" rel=\"nofollow ugc\">SportsPress Pro\u003C\u002Fa> to get access to more advanced features for your basketball team website.\u003C\u002Fp>\n\u003Ch4>SportsPress Themes for Teams\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fcourtside\" rel=\"nofollow ugc\">Courtside\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Ffc\" rel=\"nofollow ugc\">Football Club\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fpremier\" rel=\"nofollow ugc\">Premier\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Femblem\" rel=\"nofollow ugc\">Emblem\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fmarquee\" rel=\"nofollow ugc\">Marquee\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Please Rate, Vote, and Enjoy!\u003C\u002Fh4>\n\u003Cp>Your feedback is much appreciated and makes all the difference in improving SportsPress for Basketball.\u003C\u002Fp>\n","SportsPress for Basketball is an extension for SportsPress, an all-in-one sports data plugin that helps sports teams set up a basketball website.",40181,[124,125,20,97,22],"basketball","basketball-team","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsportspress-for-basketball.0.9.1.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":137,"num_ratings":138,"last_updated":139,"tested_up_to":140,"requires_at_least":141,"requires_php":142,"tags":143,"homepage":147,"download_link":148,"security_score":111,"vuln_count":27,"unpatched_count":91,"last_vuln_date":149,"fetched_at":30},"wp-club-manager","WP Club Manager – WordPress Sports Club Plugin","2.2.17","WP Club Manager","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpclubmanager\u002F","\u003Ch4>Build A Pro Sports Club Website With No Hassle\u003C\u002Fh4>\n\u003Cp>WP Club Manager is a sports plugin used to create and manage a club website with WordPress. Quick and easy to set-up, you can manage clubs, player profiles and performance data, staff, sponsors, league tables, keep track of your fixtures and results and loads more.\u003C\u002Fp>\n\u003Ch4>Endorsed by USA Rugby\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“\u003Cem>It’s perfect for the professional sports web developer and the first-time team administrator. Incredibly easy to customize and integrate, I highly recommend WP Club Manager to any sports teams that want a better website!\u003C\u002Fem>”\u003Cbr \u002F>\n  Davey Jacobson, \u003Cem>Information Systems Developer\u003C\u002Fem>, \u003Ca href=\"https:\u002F\u002Fwww.usa.rugby\" rel=\"nofollow ugc\">USA Rugby\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Manage multiple teams in your club\u003C\u002Fli>\n\u003Cli>Player and staff profiles\u003C\u002Fli>\n\u003Cli>Player performance ratings\u003C\u002Fli>\n\u003Cli>Full player statistics\u003C\u002Fli>\n\u003Cli>Informative club profiles with club stats\u003C\u002Fli>\n\u003Cli>Fixtures and results\u003C\u002Fli>\n\u003Cli>Automatically updated league tables\u003C\u002Fli>\n\u003Cli>Match statistics and reports\u003C\u002Fli>\n\u003Cli>Manage club sponsors\u003C\u002Fli>\n\u003Cli>Venue details and maps\u003C\u002Fli>\n\u003Cli>Fixture, results, player, table, sponsor and birthday widgets\u003C\u002Fli>\n\u003Cli>Easily Import matches, players, staff and clubs from a CSV file\u003C\u002Fli>\n\u003Cli>Easy-to-use Shortcodes\u003C\u002Fli>\n\u003Cli>Customize appearance with flexible templates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find out more about all each feature and more, please visit \u003Ca href=\"https:\u002F\u002Fwpclubmanager.com\" rel=\"nofollow ugc\">our site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Supported Sports\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>American Football\u003C\u002Fli>\n\u003Cli>Australian Rules Football\u003C\u002Fli>\n\u003Cli>Baseball\u003C\u002Fli>\n\u003Cli>Basketball\u003C\u002Fli>\n\u003Cli>Cricket\u003C\u002Fli>\n\u003Cli>Field Hockey\u003C\u002Fli>\n\u003Cli>Floorball\u003C\u002Fli>\n\u003Cli>Football (Soccer)\u003C\u002Fli>\n\u003Cli>Gaelic Football\u003C\u002Fli>\n\u003Cli>Handball\u003C\u002Fli>\n\u003Cli>Hurling\u003C\u002Fli>\n\u003Cli>Ice Hockey\u003C\u002Fli>\n\u003Cli>Lacrosse\u003C\u002Fli>\n\u003Cli>Netball\u003C\u002Fli>\n\u003Cli>Rugby League\u003C\u002Fli>\n\u003Cli>Rugby Union\u003C\u002Fli>\n\u003Cli>Volleyball\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Find extensive \u003Ca href=\"https:\u002F\u002Fwpclubmanager.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwpclubmanager.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">friendly support\u003C\u002Fa> at our \u003Ca href=\"https:\u002F\u002Fwpclubmanager.com\" rel=\"nofollow ugc\">plugin website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Themes & Extensions\u003C\u002Fh4>\n\u003Cp>The WP Club Manager plugin has a growing catalogue of themes to add extra functionality and a professional look to your club website. Browse through our collection of \u003Ca href=\"https:\u002F\u002Fwpclubmanager.com\u002Fthemes\u002F\" rel=\"nofollow ugc\">WP Club Manager themes\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpclubmanager.com\u002Fproducts\u002Fvictory\u002F\" rel=\"nofollow ugc\">Victory Theme\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpclubmanager.com\u002Fproducts\u002Fscoreline\u002F\" rel=\"nofollow ugc\">Scoreline Theme\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Included Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Arabic – العربية (ar)\u003C\u002Fli>\n\u003Cli>Bulgarian – Български (bg_BG)\u003C\u002Fli>\n\u003Cli>Chinese (China) – 中文 (zh_CN)\u003C\u002Fli>\n\u003Cli>Croatian – Hrvatski (hr)\u003C\u002Fli>\n\u003Cli>Czech – Čeština (cs_CZ)\u003C\u002Fli>\n\u003Cli>Danish – Dansk (da_DK)\u003C\u002Fli>\n\u003Cli>Dutch – Nederlands (nl_NL)\u003C\u002Fli>\n\u003Cli>English – UK (en_GB)\u003C\u002Fli>\n\u003Cli>German – Deutsch (de_DE)\u003C\u002Fli>\n\u003Cli>Finnish – Suomi (fi)\u003C\u002Fli>\n\u003Cli>French – Français (fr_FR)\u003C\u002Fli>\n\u003Cli>Greek – Ελληνικά (el_GR)\u003C\u002Fli>\n\u003Cli>Hebrew – עברית (he_IL)\u003C\u002Fli>\n\u003Cli>Hungarian – Magyar (hu_HU)\u003C\u002Fli>\n\u003Cli>Italian – Italiano (it_IT)\u003C\u002Fli>\n\u003Cli>Latvian – Latviešu (lv_LV)\u003C\u002Fli>\n\u003Cli>Lithuanian – Lietuvių kalba (lt_LT)\u003C\u002Fli>\n\u003Cli>Persian – فارسی (fa_IR)\u003C\u002Fli>\n\u003Cli>Polish – Polski (pl_PL)\u003C\u002Fli>\n\u003Cli>Portuguese (Brazil) – Português do Brasil (pt_BR)\u003C\u002Fli>\n\u003Cli>Portuguese (Portugal) – Português (pt_PT)\u003C\u002Fli>\n\u003Cli>Russian – Русский (ru_RU)\u003C\u002Fli>\n\u003Cli>Slovak – Slovenčina (sk_SK)\u003C\u002Fli>\n\u003Cli>Spanish – Español (es_ES)\u003C\u002Fli>\n\u003Cli>Swedish – Svenska (sv_SE)\u003C\u002Fli>\n\u003Cli>Turkish – Türkçe (tr_TR)\u003C\u002Fli>\n\u003Cli>Vietnamese – Tiếng Việt (vi)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Getting Involved\u003C\u002Fh4>\n\u003Cp>Translators can contribute to WP Club Manager translations at \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-club-manager\" rel=\"nofollow ugc\">GlotPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Extensible, adaptable, and open source — WP Club Manager is created with developers in mind. Contribute on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FClubPress\u002Fwp-club-manager\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Please Rate and Enjoy!\u003C\u002Fh4>\n\u003Cp>Please take a moment to leave a review on WordPress.org. Your feedback is much appreciated and helps towards the continued improvement of WP Club Manager.\u003C\u002Fp>\n","WP Club Manager is easy to set-up and has everything you need to build and manage an amazing sports club website.",700,129131,94,40,"2024-04-15T11:56:00.000Z","6.5.8","4.9","7.2",[144,145,97,146,23],"club","club-management","sports-club","https:\u002F\u002Fwpclubmanager.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-club-manager.2.2.17.zip","2024-04-22 00:00:00",{"slug":151,"name":152,"version":153,"author":85,"author_profile":86,"description":154,"short_description":155,"active_installs":156,"downloaded":157,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":158,"homepage":100,"download_link":159,"security_score":102,"vuln_count":91,"unpatched_count":91,"last_vuln_date":37,"fetched_at":30},"sportspress-for-cricket","SportsPress for Cricket","1.1.4","\u003Ch4>Create a Professional Cricket Website\u003C\u002Fh4>\n\u003Cp>Transform your WordPress blog into a fully configurable cricket website. Features a suite of cricket tools including separate batting and bowling statistics, a row to display extras and players who did not bat.\u003C\u002Fp>\n\u003Cp>Please feel free to share your feedback with us so we can continue to develop and improve SportsPress for Cricket!\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLQ68LB1_9rU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Cricket Admin Branding to replace the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsportspress\u002F\" rel=\"ugc\">SportsPress\u003C\u002Fa> icon with a cricket ball\u003C\u002Fli>\n\u003Cli>Schedule Matches (Fixtures & Results)\u003C\u002Fli>\n\u003Cli>Record Extras\u003C\u002Fli>\n\u003Cli>Calculate Totals including Extras\u003C\u002Fli>\n\u003Cli>Display players who did not bat in a separate section\u003C\u002Fli>\n\u003Cli>Swap batsmen from home and away team in scorecard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SportsPress Pro\u003C\u002Fh4>\n\u003Cp>Looking for more advanced cricket functionality? Upgrade to \u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fpro\" rel=\"nofollow ugc\">SportsPress Pro\u003C\u002Fa> to get access to more advanced features for your cricket club website.\u003C\u002Fp>\n\u003Ch4>SportsPress Themes for Clubs\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fcourtside\" rel=\"nofollow ugc\">Courtside\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Ffc\" rel=\"nofollow ugc\">Football Club\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fpremier\" rel=\"nofollow ugc\">Premier\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Femblem\" rel=\"nofollow ugc\">Emblem\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftboy.co\u002Fmarquee\" rel=\"nofollow ugc\">Marquee\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Please Rate, Vote, and Enjoy!\u003C\u002Fh4>\n\u003Cp>Your feedback is much appreciated and makes all the difference in improving SportsPress for Cricket.\u003C\u002Fp>\n","SportsPress for Cricket is an extension for SportsPress, an all-in-one sports data plugin that helps sports clubs set up a cricket website.",600,18825,[20,97,22,98,99],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsportspress-for-cricket.1.1.4.zip",{"attackSurface":161,"codeSignals":376,"taintFlows":420,"riskAssessment":592,"analyzedAt":606},{"hooks":162,"ajaxHandlers":342,"restRoutes":355,"shortcodes":356,"cronEvents":374,"entryPointCount":375,"unprotectedCount":27},[163,170,173,178,182,186,190,194,198,202,206,210,213,217,221,225,229,233,237,241,245,248,251,255,260,264,267,269,272,275,279,283,287,291,295,299,302,307,311,316,320,323,327,331,334,338],{"type":164,"name":165,"callback":166,"priority":167,"file":168,"line":169},"action","created_mstw_tr_team","create_team_meta",10,"includes\\mstw-tr-admin.php",81,{"type":164,"name":171,"callback":172,"priority":167,"file":168,"line":76},"edit_mstw_tr_team","edit_team_meta",{"type":174,"name":175,"callback":176,"priority":167,"file":168,"line":177},"filter","manage_edit-mstw_tr_team_columns","manage_team_columns",87,{"type":174,"name":179,"callback":180,"file":168,"line":181},"manage_edit-mstw_tr_team_sortable_columns","set_sortable_columns",89,{"type":174,"name":183,"callback":184,"priority":167,"file":168,"line":185},"manage_mstw_tr_team_custom_column","fill_custom_columns",91,{"type":174,"name":187,"callback":188,"file":168,"line":189},"mstw_tr_team_row_actions","team_row_actions",93,{"type":164,"name":191,"callback":192,"file":168,"line":193},"admin_enqueue_scripts","mstw_tr_admin_enqueue_scripts",100,{"type":164,"name":195,"callback":196,"file":168,"line":197},"admin_menu","mstw_tr_register_menu_pages",103,{"type":164,"name":199,"callback":200,"file":168,"line":201},"admin_init","mstw_tr_admin_init",106,{"type":164,"name":203,"callback":204,"file":168,"line":205},"admin_notices","mstw_tr_admin_notice",107,{"type":164,"name":207,"callback":208,"file":168,"line":209},"admin_head-post.php","mstw_tr_hide_publishing_actions",111,{"type":164,"name":211,"callback":208,"file":168,"line":212},"admin_head-post-new.php",112,{"type":164,"name":214,"callback":215,"file":168,"line":216},"admin_head-edit.php","mstw_tr_hide_list_icons",116,{"type":174,"name":218,"callback":219,"priority":167,"file":168,"line":220},"post_row_actions","mstw_tr_remove_quick_edit",120,{"type":174,"name":222,"callback":223,"file":168,"line":224},"bulk_actions-edit-mstw_tr_player","mstw_tr_bulk_actions",124,{"type":174,"name":226,"callback":227,"file":168,"line":228},"post_updated_messages","mstw_tr_updated_messages",128,{"type":174,"name":230,"callback":231,"priority":167,"file":168,"line":232},"bulk_post_updated_messages","mstw_tr_bulk_post_updated_messages",132,{"type":174,"name":234,"callback":235,"file":168,"line":236},"term_updated_messages","mstw_tr_updated_term_messages",136,{"type":164,"name":238,"callback":239,"file":168,"line":240},"load-edit-tags.php","add_help",384,{"type":164,"name":242,"callback":243,"file":168,"line":244},"load-edit.php","mstw_tr_add_help",407,{"type":164,"name":246,"callback":243,"file":168,"line":247},"load-post.php",408,{"type":164,"name":249,"callback":243,"file":168,"line":250},"load-post-new.php",409,{"type":164,"name":252,"callback":253,"file":168,"line":254},"option_page_capability_mstw_tr_settings","mstw_tr_set_option_page_capabilities",463,{"type":164,"name":256,"callback":257,"file":258,"line":259},"edit_form_after_title","mstw_tr_build_player_screen","includes\\mstw-tr-player-cpt-admin.php",28,{"type":164,"name":261,"callback":262,"file":258,"line":263},"do_meta_boxes","mstw_tr_change_featured_image_box",46,{"type":164,"name":211,"callback":265,"file":258,"line":266},"mstw_tr_set_featured_image_text_filter",60,{"type":164,"name":207,"callback":265,"file":258,"line":268},61,{"type":174,"name":270,"callback":271,"file":258,"line":78},"admin_post_thumbnail_html","mstw_tr_change_featured_image_link",{"type":164,"name":273,"callback":274,"file":258,"line":185},"add_meta_boxes_mstw_tr_player","mstw_tr_player_metaboxes",{"type":164,"name":276,"callback":277,"priority":14,"file":258,"line":278},"save_post_mstw_tr_player","mstw_tr_save_player_meta",321,{"type":174,"name":280,"callback":281,"file":258,"line":282},"manage_edit-mstw_tr_player_columns","mstw_tr_edit_player_columns",398,{"type":164,"name":284,"callback":285,"priority":167,"file":258,"line":286},"manage_mstw_tr_player_posts_custom_column","mstw_tr_manage_player_columns",428,{"type":174,"name":288,"callback":289,"file":258,"line":290},"manage_edit-mstw_tr_player_sortable_columns","mstw_tr_players_columns_sort",499,{"type":164,"name":292,"callback":293,"file":258,"line":294},"restrict_manage_posts","mstw_tr_restrict_players_by_team",519,{"type":174,"name":296,"callback":297,"file":258,"line":298},"request","mstw_ss_players_column_order",572,{"type":164,"name":276,"callback":277,"priority":14,"file":300,"line":301},"includes\\mstw-tr-team-roster-admin-class.php",862,{"type":164,"name":303,"callback":304,"priority":167,"file":305,"line":306},"mstw_tr_team_add_form_fields","team_add_form","includes\\mstw-tr-team-tax-admin-class.php",55,{"type":164,"name":308,"callback":309,"priority":167,"file":305,"line":310},"mstw_tr_team_edit_form_fields","team_edit_form",58,{"type":164,"name":312,"callback":313,"file":314,"line":315},"init","mstw_tr_init","mstw-team-rosters.php",23,{"type":174,"name":317,"callback":318,"priority":14,"file":314,"line":319},"single_template","mstw_tr_single_player_template",63,{"type":174,"name":321,"callback":322,"priority":14,"file":314,"line":78},"taxonomy_template","mstw_tr_taxonomy_team_template",{"type":164,"name":312,"callback":324,"priority":325,"file":314,"line":326},"mstw_tr_add_shortcodes",99,88,{"type":174,"name":328,"callback":329,"file":314,"line":330},"wp_head","mstw_tr_add_css",386,{"type":164,"name":312,"callback":332,"file":314,"line":333},"mstw_tr_load_localization",541,{"type":164,"name":335,"callback":336,"file":314,"line":337},"wp_enqueue_scripts","mstw_tr_enqueue_styles",598,{"type":164,"name":339,"callback":340,"file":314,"line":341},"after_setup_theme","mstw_tr_add_feat_img",690,[343,348,352],{"action":344,"nopriv":345,"callback":346,"hasNonce":345,"hasCapCheck":345,"file":314,"line":347},"team_rosters",false,"mstw_tr_ajax_callback",83,{"action":349,"nopriv":345,"callback":350,"hasNonce":345,"hasCapCheck":345,"file":314,"line":351},"sort_roster","mstw_tr_sort_roster_ajax_callback",725,{"action":349,"nopriv":353,"callback":350,"hasNonce":345,"hasCapCheck":345,"file":314,"line":354},true,726,[],[357,361,363,366,369,372],{"tag":358,"callback":359,"file":360,"line":14},"mstw_tr_roster_2","shortcodeHandler","includes\\mstw-tr-roster-tables-class.php",{"tag":362,"callback":359,"file":360,"line":315},"mstw-tr-roster-2",{"tag":364,"callback":365,"file":314,"line":137},"mstw-tr-gallery","mstw_tr_roster_gallery_handler",{"tag":367,"callback":365,"file":314,"line":368},"mstw_tr_gallery",97,{"tag":370,"callback":371,"file":314,"line":193},"mstw-tr-roster","mstw_tr_roster_table_handler",{"tag":373,"callback":371,"file":314,"line":197},"mstw_tr_roster",[],9,{"dangerousFunctions":377,"sqlUsage":385,"outputEscaping":387,"fileOperations":417,"externalRequests":91,"nonceChecks":417,"capabilityChecks":418,"bundledLibraries":419},[378,383],{"fn":379,"file":380,"line":381,"context":382},"unserialize","theme-templates\\single-player-nonce.php",104,"$args = unserialize( base64_decode( $argsStr ) );",{"fn":379,"file":384,"line":368,"context":382},"theme-templates\\single-player.php",{"prepared":112,"raw":91,"locations":386},[],{"escaped":388,"rawEcho":389,"locations":390},578,11,[391,394,397,400,402,405,407,409,410,412,415],{"file":168,"line":392,"context":393},629,"raw output",{"file":395,"line":396,"context":393},"includes\\mstw-tr-player-profiles-galleries-settings.php",187,{"file":398,"line":399,"context":393},"includes\\mstw-tr-roster-color-settings.php",266,{"file":398,"line":401,"context":393},277,{"file":403,"line":404,"context":393},"includes\\mstw-tr-roster-table-settings.php",302,{"file":403,"line":406,"context":393},309,{"file":360,"line":408,"context":393},78,{"file":360,"line":189,"context":393},{"file":360,"line":411,"context":393},168,{"file":413,"line":414,"context":393},"includes\\mstw-tr-utility-functions.php",1766,{"file":314,"line":416,"context":393},781,5,8,[],[421,437,456,466,482,493,509,520,528,539,547,562,573],{"entryPoint":422,"graph":423,"unsanitizedCount":28,"severity":40},"mstw_tr_ajax_callback (includes\\mstw-tr-admin.php:598)",{"nodes":424,"edges":435},[425,430],{"id":426,"type":427,"label":428,"file":168,"line":429},"n0","source","$_POST",604,{"id":431,"type":432,"label":433,"file":168,"line":392,"wp_function":434},"n1","sink","echo() [XSS]","echo",[436],{"from":426,"to":431,"sanitized":345},{"entryPoint":438,"graph":439,"unsanitizedCount":28,"severity":40},"post (includes\\mstw-tr-csv-import-class.php:221)",{"nodes":440,"edges":453},[441,445,448],{"id":426,"type":427,"label":442,"file":443,"line":444},"$_FILES","includes\\mstw-tr-csv-import-class.php",296,{"id":431,"type":446,"label":447,"file":443,"line":444},"transform","→ stripBOM()",{"id":449,"type":432,"label":450,"file":443,"line":451,"wp_function":452},"n2","file_put_contents() [File Write]",774,"file_put_contents",[454,455],{"from":426,"to":431,"sanitized":345},{"from":431,"to":449,"sanitized":345},{"entryPoint":457,"graph":458,"unsanitizedCount":28,"severity":40},"\u003Cmstw-tr-csv-import-class> (includes\\mstw-tr-csv-import-class.php:0)",{"nodes":459,"edges":463},[460,461,462],{"id":426,"type":427,"label":442,"file":443,"line":444},{"id":431,"type":446,"label":447,"file":443,"line":444},{"id":449,"type":432,"label":450,"file":443,"line":451,"wp_function":452},[464,465],{"from":426,"to":431,"sanitized":345},{"from":431,"to":449,"sanitized":345},{"entryPoint":467,"graph":468,"unsanitizedCount":28,"severity":481},"mstw_tr_ajax_change_team (includes\\mstw-tr-admin.php:645)",{"nodes":469,"edges":478},[470,472,474],{"id":426,"type":427,"label":428,"file":168,"line":471},662,{"id":431,"type":446,"label":473,"file":168,"line":471},"→ mstw_tr_set_current_team()",{"id":449,"type":432,"label":475,"file":413,"line":476,"wp_function":477},"update_option() [Settings Manipulation]",1320,"update_option",[479,480],{"from":426,"to":431,"sanitized":345},{"from":431,"to":449,"sanitized":345},"low",{"entryPoint":483,"graph":484,"unsanitizedCount":28,"severity":481},"mstw_tr_ajax_add_team (includes\\mstw-tr-admin.php:689)",{"nodes":485,"edges":490},[486,488,489],{"id":426,"type":427,"label":428,"file":168,"line":487},704,{"id":431,"type":446,"label":473,"file":168,"line":487},{"id":449,"type":432,"label":475,"file":413,"line":476,"wp_function":477},[491,492],{"from":426,"to":431,"sanitized":345},{"from":431,"to":449,"sanitized":345},{"entryPoint":494,"graph":495,"unsanitizedCount":112,"severity":481},"\u003Cmstw-tr-admin> (includes\\mstw-tr-admin.php:0)",{"nodes":496,"edges":505},[497,498,499,501,503],{"id":426,"type":427,"label":428,"file":168,"line":429},{"id":431,"type":432,"label":433,"file":168,"line":392,"wp_function":434},{"id":449,"type":427,"label":500,"file":168,"line":471},"$_POST (x2)",{"id":502,"type":446,"label":473,"file":168,"line":471},"n3",{"id":504,"type":432,"label":475,"file":413,"line":476,"wp_function":477},"n4",[506,507,508],{"from":426,"to":431,"sanitized":353},{"from":449,"to":502,"sanitized":345},{"from":502,"to":504,"sanitized":345},{"entryPoint":510,"graph":511,"unsanitizedCount":91,"severity":481},"mstw_tr_restrict_players_by_team (includes\\mstw-tr-player-cpt-admin.php:522)",{"nodes":512,"edges":518},[513,516],{"id":426,"type":427,"label":514,"file":258,"line":515},"$_GET",552,{"id":431,"type":432,"label":433,"file":258,"line":517,"wp_function":434},558,[519],{"from":426,"to":431,"sanitized":353},{"entryPoint":521,"graph":522,"unsanitizedCount":91,"severity":481},"\u003Cmstw-tr-player-cpt-admin> (includes\\mstw-tr-player-cpt-admin.php:0)",{"nodes":523,"edges":526},[524,525],{"id":426,"type":427,"label":514,"file":258,"line":515},{"id":431,"type":432,"label":433,"file":258,"line":517,"wp_function":434},[527],{"from":426,"to":431,"sanitized":353},{"entryPoint":529,"graph":530,"unsanitizedCount":91,"severity":481},"mstw_tr_settings_page (includes\\mstw-tr-settings.php:27)",{"nodes":531,"edges":537},[532,535],{"id":426,"type":427,"label":514,"file":533,"line":534},"includes\\mstw-tr-settings.php",53,{"id":431,"type":432,"label":433,"file":533,"line":536,"wp_function":434},135,[538],{"from":426,"to":431,"sanitized":353},{"entryPoint":540,"graph":541,"unsanitizedCount":91,"severity":481},"\u003Cmstw-tr-settings> (includes\\mstw-tr-settings.php:0)",{"nodes":542,"edges":545},[543,544],{"id":426,"type":427,"label":514,"file":533,"line":534},{"id":431,"type":432,"label":433,"file":533,"line":536,"wp_function":434},[546],{"from":426,"to":431,"sanitized":353},{"entryPoint":548,"graph":549,"unsanitizedCount":91,"severity":481},"\u003Csingle-player-nonce> (theme-templates\\single-player-nonce.php:0)",{"nodes":550,"edges":559},[551,552,554,557],{"id":426,"type":427,"label":514,"file":380,"line":189},{"id":431,"type":432,"label":553,"file":380,"line":381,"wp_function":379},"unserialize() [Object Injection]",{"id":449,"type":427,"label":555,"file":380,"line":556},"$_GET (x21)",65,{"id":502,"type":432,"label":433,"file":380,"line":558,"wp_function":434},127,[560,561],{"from":426,"to":431,"sanitized":353},{"from":449,"to":502,"sanitized":353},{"entryPoint":563,"graph":564,"unsanitizedCount":91,"severity":481},"\u003Ctaxonomy-team> (theme-templates\\taxonomy-team.php:0)",{"nodes":565,"edges":571},[566,569],{"id":426,"type":427,"label":567,"file":568,"line":76},"$_SERVER (x4)","theme-templates\\taxonomy-team.php",{"id":431,"type":432,"label":433,"file":568,"line":570,"wp_function":434},101,[572],{"from":426,"to":431,"sanitized":353},{"entryPoint":574,"graph":575,"unsanitizedCount":112,"severity":591},"\u003Csingle-player> (theme-templates\\single-player.php:0)",{"nodes":576,"edges":587},[577,579,580,582,583,584],{"id":426,"type":427,"label":514,"file":384,"line":578},86,{"id":431,"type":432,"label":553,"file":384,"line":368,"wp_function":379},{"id":449,"type":427,"label":581,"file":384,"line":310},"$_GET (x20)",{"id":502,"type":432,"label":433,"file":384,"line":220,"wp_function":434},{"id":504,"type":427,"label":514,"file":384,"line":310},{"id":585,"type":432,"label":433,"file":384,"line":586,"wp_function":434},"n5",129,[588,589,590],{"from":426,"to":431,"sanitized":345},{"from":449,"to":502,"sanitized":353},{"from":504,"to":585,"sanitized":345},"high",{"summary":593,"deductions":594},"The \"team-rosters\" plugin v4.8.2 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped outputs, several concerning areas require attention. The presence of two dangerous `unserialize` functions in the code, coupled with 7 flows with unsanitized paths (one of critical severity), indicates a significant risk of deserialization vulnerabilities and potential for code execution or data manipulation if these functions are triggered with untrusted input. Furthermore, the plugin has a history of 3 known CVEs, with one critical and unpatched vulnerability, suggesting a recurring pattern of severe security weaknesses. The presence of 3 unprotected AJAX handlers also expands the attack surface to potentially unauthenticated users. While the plugin has strengths in its SQL handling and output escaping, the identified deserialization risks and past vulnerabilities, particularly the unpatched critical one, elevate the overall risk level. Users should exercise extreme caution and prioritize updating or removing this plugin until all critical vulnerabilities are addressed.",[595,597,600,602,604],{"reason":596,"points":14},"Unpatched Critical CVE",{"reason":598,"points":599},"Critical Taint Flow",15,{"reason":601,"points":167},"Dangerous Function: unserialize",{"reason":603,"points":167},"Unprotected AJAX Handlers",{"reason":605,"points":74},"Unsanitized Paths in Taint Flows","2026-03-16T20:19:21.596Z",{"wat":608,"direct":620},{"assetPaths":609,"generatorPatterns":617,"scriptPaths":618,"versionParams":619},[610,611,612,613,614,615,616],"\u002Fwp-content\u002Fplugins\u002Fteam-rosters\u002Fincludes\u002Fmstw-utility-functions.php","\u002Fwp-content\u002Fplugins\u002Fteam-rosters\u002Fincludes\u002Fmstw-tr-utility-functions.php","\u002Fwp-content\u002Fplugins\u002Fteam-rosters\u002Fincludes\u002Fmstw-tr-roster-table.php","\u002Fwp-content\u002Fplugins\u002Fteam-rosters\u002Fincludes\u002Fmstw-tr-roster-tables-class.php","\u002Fwp-content\u002Fplugins\u002Fteam-rosters\u002Fincludes\u002Fmstw-tr-roster-gallery.php","\u002Fwp-content\u002Fplugins\u002Fteam-rosters\u002Fincludes\u002Fmstw-tr-cpts.php","\u002Fwp-content\u002Fplugins\u002Fteam-rosters\u002Fincludes\u002Fmstw-tr-admin.php",[],[],[],{"cssClasses":621,"htmlComments":622,"htmlAttributes":623,"restEndpoints":624,"jsGlobals":625,"shortcodeOutput":626},[],[],[],[],[],[627,628,629,630],"[mstw-tr-gallery]","[mstw_tr_gallery]","[mstw-tr-roster]","[mstw_tr_roster]"]