VYPR

Gamipress

by WordPress

CVEs (18)

  • CVE-2024-1799 | High | Mar 20, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due…

  • CVE-2026-48874 | High | Jun 15, 2026
    risk 0.55 | cvss 8.5 | epss 0.00

    Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

  • CVE-2023-24000 | High | Oct 31, 2023
    risk 0.54 | cvss 8.2 | epss 0.03

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection. This issue affects GamiPress: from n/a through 2.5.7.

  • CVE-2024-2505 | High | Apr 29, 2024
    risk 0.53 | cvss 8.1 | epss 0.01

    The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access.…

  • CVE-2025-49326 | High | Jun 6, 2025
    risk 0.49 | cvss 7.6 | epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection. This issue affects GamiPress: from n/a through <= 7.4.5.

  • CVE-2025-47508 | High | May 7, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ruben Garcia GamiPress gamipress allows PHP Local File Inclusion. This issue affects GamiPress: from n/a through <= 7.3.7.

  • CVE-2024-11036 | High | Nov 19, 2024
    risk 0.48 | cvss 7.3 | epss 0.01

    The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due…

  • CVE-2024-13496 | High | Jan 22, 2025
    risk 0.42 | cvss 7.5 | epss 0.02

    The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user…

  • CVE-2024-2783 | Medium | Apr 9, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input…

  • CVE-2024-13499 | High | Jan 22, 2025
    risk 0.40 | cvss 7.3 | epss 0.01

    The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. This is due to the…

  • CVE-2024-13495 | High | Jan 22, 2025
    risk 0.40 | cvss 7.3 | epss 0.01

    The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. This is due to the…

  • CVE-2026-32420 | Medium | Mar 13, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery. This issue affects GamiPress: from n/a through <= 7.6.6.

  • CVE-2023-25715 | Medium | Dec 19, 2023
    risk 0.35 | cvss 5.4 | epss 0.01

    Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress. This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a…

  • CVE-2023-0154 | Medium | Feb 6, 2023
    risk 0.35 | cvss 5.4 | epss 0.01

    The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting…

  • CVE-2026-24546 | Medium | May 25, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3.

  • CVE-2024-8245 | Medium | May 15, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The GamiPress WordPress plugin before 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

  • CVE-2024-30455 | Medium | Mar 29, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through 6.8.5.

  • CVE-2025-13812 | Medium | Jan 6, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipress_ajax_get_posts and gamipress_ajax_get_users functions in all…