Gamipress
by Gamipress
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1799 | Hig | 0.57 | 8.8 | 0.01 | Mar 20, 2024 | The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due… | ||
| CVE-2023-24000 | Hig | 0.55 | 8.2 | 0.03 | Oct 31, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. | ||
| CVE-2025-47508 | Hig | 0.49 | 7.5 | 0.01 | May 7, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ruben Garcia GamiPress gamipress allows PHP Local File Inclusion.This issue affects GamiPress: from n/a through <= 7.3.7. | ||
| CVE-2024-2783 | Med | 0.42 | 6.4 | 0.00 | Apr 9, 2024 | The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input… | ||
| CVE-2024-2460 | Med | 0.42 | 6.4 | 0.00 | Mar 20, 2024 | The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes… | ||
| CVE-2023-25715 | Med | 0.35 | 5.4 | 0.01 | Dec 19, 2023 | Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a… | ||
| CVE-2024-30455 | Med | 0.28 | 4.3 | 0.00 | Mar 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5. | ||
| CVE-2025-13812 | Med | 0.21 | 4.3 | 0.00 | Jan 6, 2026 | The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipress_ajax_get_posts and gamipress_ajax_get_users functions in all… | ||
| CVE-2024-8245 | 0.00 | — | 0.00 | May 15, 2025 | The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||
| CVE-2024-13496 | 0.00 | — | 0.02 | Jan 22, 2025 | The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user… | |||
| CVE-2024-13499 | 0.00 | — | 0.01 | Jan 22, 2025 | The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. This is due to the… | |||
| CVE-2024-13495 | 0.00 | — | 0.01 | Jan 22, 2025 | The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. This is due to the… | |||
| CVE-2024-11036 | 0.00 | — | 0.01 | Nov 19, 2024 | The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due… | |||
| CVE-2023-25697 | 0.00 | — | 0.00 | Jun 19, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6. |
- risk 0.57cvss 8.8epss 0.01
The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due…
- risk 0.55cvss 8.2epss 0.03
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7.
- risk 0.49cvss 7.5epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ruben Garcia GamiPress gamipress allows PHP Local File Inclusion.This issue affects GamiPress: from n/a through <= 7.3.7.
- risk 0.42cvss 6.4epss 0.00
The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input…
- risk 0.42cvss 6.4epss 0.00
The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…
- risk 0.35cvss 5.4epss 0.01
Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5.
- risk 0.21cvss 4.3epss 0.00
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipress_ajax_get_posts and gamipress_ajax_get_users functions in all…
- CVE-2024-8245May 15, 2025risk 0.00cvss —epss 0.00
The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
- CVE-2024-13496Jan 22, 2025risk 0.00cvss —epss 0.02
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user…
- CVE-2024-13499Jan 22, 2025risk 0.00cvss —epss 0.01
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. This is due to the…
- CVE-2024-13495Jan 22, 2025risk 0.00cvss —epss 0.01
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. This is due to the…
- CVE-2024-11036Nov 19, 2024risk 0.00cvss —epss 0.01
The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due…
- CVE-2023-25697Jun 19, 2024risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6.