Every CVE whose affected-product data names Tournamatch, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2025-4594 — CVSS 6.4 (medium): The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button'…
CVE-2024-5627 — CVSS 5.4 (medium): The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as…
CVE-2024-5644 — CVSS 5.4 (medium): The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users…