CVE Catalog

CVE-2026-57749

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

The SportsPress Pro plugin version 2.7.29 and earlier contains a Contributor Local File Inclusion (LFI) vulnerability. This allows an attacker with contributor privileges to read sensitive files on the server.

Risk Assessment

The risk involves potential reading of confidential configuration files, passwords, or source code, which could lead to privilege escalation or data leakage.

Recommendation

It is recommended to immediately update the SportsPress Pro plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS