Tennis Club Plugin Allows Attackers to Inject Malicious Code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Tennis Club Plugin Allows Attackers to Inject Malicious Code

CVE-2026-27437

Summary

A security issue in the Tennis Club plugin for WordPress allows attackers to inject malicious code into your website, potentially leading to data theft or unauthorized actions. This affects the Tennis Club plugin if you have version 1.2.3 or earlier installed. Update to the latest version to fix this issue.

Original title

Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through <= 1.2.3.

Original description

Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through <= 1.2.3.

nvd CVSS3.1 9.8

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/tennis-sportclub/vulnerability/w...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026