The JoomSport plugin for WordPress is vulnerable to time-based blind SQL Injection (CVE-2026-6929) via the 'sortf' parameter in versions up to 5.7.7, allowing unauthenticated attackers to extract sensitive information from the database.
JoomSport – for Sports: Team & League, Football, Hockey & more plugin <= 5.7.7
sqli
wordpress
cve-2026-6929
joomsport
injection
2r
1t
1c