VYPR

Player Leaderboard

by WordPress

Source repositories

CVEs (1)

  • CVE-2025-12824HigDec 12, 2025
    risk 0.57cvss 8.8epss 0.01

    The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'player_leaderboard' shortcode. This is due to the plugin using an unsanitized user-supplied value from the shortcode's 'mode' attribute in a…