The Live Scores for SportsPress plugin for WordPress is not secure in versions up to, and including, 1.9.0. This security issue could allow an attacker who is already logged in to the website to access or execute files on the server that they should not have access to. This could be used to expose sensitive information, bypass access controls, or even execute malicious code. It is possible because the plugin allows files, such as images, to be uploaded and included.