CVE-2022-4050: 
WordPress vulnerability analysis and mitigation

CVE-2022-4050 affects the JoomSport WordPress plugin versions before 5.2.8. The vulnerability was discovered and publicly disclosed on November 28, 2022. This security issue impacts the WordPress plugin 'joomsport-sports-league-results-management' and affects websites using vulnerable versions of this plugin (WPScan).

The vulnerability is classified as an SQL injection (SQLI) with a CVSS v3.1 base score of 9.8 (CRITICAL), indicating maximum severity. The vulnerability exists because the plugin does not properly sanitize and escape a parameter before using it in a SQL statement. The technical classification aligns with OWASP Top 10 category A1: Injection and CWE-89 (WPScan, NVD).

This vulnerability allows unauthenticated users to perform SQL injection attacks against affected WordPress installations. Given the CVSS score of 9.8, the vulnerability can potentially lead to complete compromise of the system's confidentiality, integrity, and availability (NVD).

The vulnerability has been fixed in JoomSport version 5.2.8. Website administrators running affected versions should immediately upgrade to version 5.2.8 or later to mitigate this security risk (WPScan).