Vulnerabilities > Gamipress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-22 | CVE-2024-13495 | Code Injection vulnerability in Gamipress The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. | 7.3 |
| 2025-01-22 | CVE-2024-13496 | SQL Injection vulnerability in Gamipress The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-01-22 | CVE-2024-13499 | Code Injection vulnerability in Gamipress The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. | 7.3 |
| 2024-06-19 | CVE-2023-25697 | Unspecified vulnerability in Gamipress Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6. | 6.3 |
| 2024-06-05 | CVE-2024-5536 | Cross-site Scripting vulnerability in Gamipress - Link The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipress_link shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-03-29 | CVE-2024-30455 | Unspecified vulnerability in Gamipress Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5. | 4.3 |
| 2023-12-19 | CVE-2023-25715 | Unspecified vulnerability in Gamipress Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6. | 6.5 |
| 2023-10-31 | CVE-2023-24000 | Unspecified vulnerability in Gamipress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. | 9.8 |
| 2023-02-06 | CVE-2023-0154 | Unspecified vulnerability in Gamipress The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |