CVE Catalog
CVE-2026-57749
HighCVSS 7.5Summary
The SportsPress Pro plugin version 2.7.29 and earlier contains a Contributor Local File Inclusion (LFI) vulnerability. This allows an attacker with contributor privileges to read sensitive files on the server.
Risk Assessment
The risk involves potential reading of confidential configuration files, passwords, or source code, which could lead to privilege escalation or data leakage.
Recommendation
It is recommended to immediately update the SportsPress Pro plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 versions.

