Vulnerabilities > CVE-2023-25715 - Missing Authorization vulnerability in Gamipress

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

gamipress

CWE-862

NVD

Published: 2023-12-19

Updated: 2023-12-28

Summary

Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6.

Vulnerable Configurations

Part	Description	Count
Application	Gamipress Gamipress Gamipress - Gamipress Gamipress 2.5.0 Gamipress Gamipress 2.5.1 Gamipress Gamipress 2.5.2 Gamipress Gamipress 2.5.3 Gamipress Gamipress 2.5.4 Gamipress Gamipress 2.5.5 Gamipress Gamipress 2.5.6	8

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://patchstack.com/database/vulnerability/gamipress/wordpress-gamipress-plugin-2-5-6-missing-authorization-leading-to-points-manipulation-vulnerability?_s_id=cve