Severity by source
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L (vendor rating: Patchstack)
Network-reachable WordPress endpoint, low-complexity SQLi, requires subscriber-level authentication (PR:L), no user interaction; the injected SQL reads database contents beyond the plugin's own component (S:C, C:H), with no integrity impact (I:N) and low availability impact (A:L).
Primary rating from vendor (Patchstack).
Description (source: CVE.org)
Subscriber SQL Injection in GamiPress <= 7.8.7 versions.
Analysis (AI-generated)
SQL injection in the GamiPress WordPress plugin, versions 7.8.7 and earlier, allows authenticated users with subscriber-level privileges to inject arbitrary SQL into queries run against the WordPress database. The flaw was reported by Patchstack and affects standard installations of the plugin. An attacker holding the lowest authenticated role can read sensitive database contents; the scope change reflects that the reachable data lies outside the plugin's own tables, while the vector records no integrity impact and only limited availability impact. …
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
|---|---|
| Exploitation | Requires (1) a reachable WordPress instance running GamiPress 7.8.7 or earlier, and (2) an authenticated session at the WordPress subscriber role or higher. Such a session is trivial to obtain on any site with "Anyone can register" enabled under Settings > General (the option is off in a default WordPress install, but commonly turned on for community, membership and gamification sites, which is exactly where GamiPress is deployed). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L) yields 8.5 (High), driven by network reachability, low complexity, a low-privilege requirement, and a scope change that produces high confidentiality impact on data beyond the vulnerable component, consistent with subscriber-level SQLi reaching the entire WordPress database. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a free subscriber account on a target site running GamiPress 7.8.7 or earlier, then sends a crafted HTTP request to a vulnerable plugin endpoint with SQL appended to a parameter. The injected query exfiltrates sensitive data such as wp_users password hashes, secret keys, or private post content; the scope-changed CVSS rating reflects that data beyond GamiPress's own tables is reachable. … |
| Remediation | Upgrade GamiPress to a version newer than 7.8.7 per the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/gamipress/vulnerability/wordpress-gamipress-plugin-7-8-7-sql-injection-vulnerability. An exact fixed version is not stated in the available input, so verify the current release on the WordPress plugin repository before updating. … Detailed patch versions, workarounds, and compensating controls in full report. |
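The exploit scenario above describes the bug class without showing the affected code path, which this page does not reproduce. As an added illustration (not GamiPress's code), the following constructed Python/sqlite3 analog puts a lookup that interpolates a request parameter beside one that casts and binds it, the way `$wpdb->prepare('... %d', $user_id)` does in WordPress. The table names, columns, fake hash values and the UNION payload are all assumptions made for the demo; the point it shows is why a query confined to the plugin's own table can still return rows from wp_users.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in: a wp_users table with fake hashes and a
    hypothetical plugin table. Not GamiPress's schema, not real credentials."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', 'hash_admin_constructed');
        INSERT INTO wp_users VALUES (2, 'subscriber', 'hash_subscriber_constructed');
        CREATE TABLE plugin_points (id INTEGER PRIMARY KEY, user_id INTEGER, points INTEGER);
        INSERT INTO plugin_points VALUES (1, 2, 40);
    """)
    return conn


def points_vulnerable(conn, user_id):
    """Interpolates the request parameter straight into SQL: the pattern behind a
    subscriber-reachable SQLi. Any logged-in user controls user_id."""
    sql = f"SELECT points FROM plugin_points WHERE user_id = {user_id}"
    return sorted(str(row[0]) for row in conn.execute(sql))


def intval(value):
    """PHP-style intval(): leading integer of the string, else 0. Mirrors what
    $wpdb->prepare() does for a %d placeholder."""
    m = re.match(r"\s*[-+]?\d+", str(value))
    return int(m.group()) if m else 0


def points_fixed(conn, user_id):
    """Casts to int and binds the value. The payload degenerates to its numeric
    prefix and can only ever select the caller's own row."""
    sql = "SELECT points FROM plugin_points WHERE user_id = ?"
    return sorted(str(row[0]) for row in conn.execute(sql, (intval(user_id),)))


# Constructed payload a subscriber might send as the parameter: a UNION that pulls
# rows from wp_users, a table outside the plugin's own (the S:C / C:H part of the vector).
PAYLOAD = "2 UNION SELECT user_login || ':' || user_pass FROM wp_users"


def demo():
    """Run both handlers with an honest value and with the payload."""
    conn = make_db()
    return {
        "honest_vulnerable": points_vulnerable(conn, "2"),
        "attack_vulnerable": points_vulnerable(conn, PAYLOAD),
        "honest_fixed": points_fixed(conn, "2"),
        "attack_fixed": points_fixed(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Parameter binding is the SQLi fix; it does not replace the capability check a real handler still needs before it decides whose row to return, but that is a separate authorization question from the injection itself.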
Recommended Action (AI-generated)
Within 24 hours: Identify and inventory all WordPress installations running GamiPress plugin versions 7.8.7 or earlier. …
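The inventory step above is where most teams get the comparison wrong: plugin versions are not strings, and "7.8.10" sorts before "7.8.7" lexically. The following added Python script (not vuln.today's or GamiPress's code) reads the `Version:` header from the plugin's main file on each site and classifies it against the advisory's `<= 7.8.7` range using numeric comparison. It assumes the conventional slug and main file `gamipress/gamipress.php` under `wp-content/plugins`; the three sample sites are constructed fixtures written to a temp directory, not real installs.

```python
import re
import tempfile
from pathlib import Path

# Affected range from the advisory: GamiPress <= 7.8.7.
LAST_AFFECTED = "7.8.7"
# Assumed plugin slug and main file (the usual WordPress layout); adjust if yours differs.
PLUGIN_SLUG = "gamipress"
PLUGIN_MAIN = "gamipress.php"
# Matches the "Version:" line of a standard WordPress plugin header comment.
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][^\s]*)", re.MULTILINE)


def parse_version(text):
    """Turn '7.8.10' into (7, 8, 10) so comparison is numeric. A string compare
    would rank '7.8.10' below '7.8.7' and mark a patched site as affected."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_affected(version):
    """True when the installed version falls inside the advisory's affected range."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def installed_version(plugins_dir):
    """Read the Version: header from the plugin's main file; None if not installed
    or the header cannot be parsed."""
    main = Path(plugins_dir) / PLUGIN_SLUG / PLUGIN_MAIN
    if not main.is_file():
        return None
    m = HEADER_RE.search(main.read_text(encoding="utf-8", errors="replace"))
    return m.group(1) if m else None


def audit(sites):
    """sites: {site_name: path to wp-content/plugins}. Returns {site_name: (version, verdict)}."""
    report = {}
    for name, plugins_dir in sites.items():
        version = installed_version(plugins_dir)
        if version is None:
            report[name] = (None, "not installed")
        elif is_affected(version):
            report[name] = (version, "AFFECTED: upgrade past 7.8.7")
        else:
            report[name] = (version, "ok")
    return report


def make_fixture():
    """Constructed sample: three fake sites under a temp dir (not real installs)."""
    root = Path(tempfile.mkdtemp())

    def site(name, version=None):
        plugins = root / name / "wp-content" / "plugins"
        plugins.mkdir(parents=True)
        if version is not None:
            plugin_dir = plugins / PLUGIN_SLUG
            plugin_dir.mkdir()
            (plugin_dir / PLUGIN_MAIN).write_text(
                f"<?php\n/**\n * Plugin Name: GamiPress\n * Version: {version}\n */\n"
            )
        return str(plugins)

    return {
        "site-a": site("site-a", "7.8.7"),   # last affected release
        "site-b": site("site-b", "7.8.10"),  # the lexical-compare trap
        "site-c": site("site-c"),            # plugin absent
    }


if __name__ == "__main__":
    for name, (version, verdict) in audit(make_fixture()).items():
        print(f"{name}: {version or '-'} {verdict}")
```

On hosts with WP-CLI available, `wp plugin list --fields=name,version --format=json` gives the same version string from the live install and is easier to run fleet-wide; feed its output to `is_affected()` rather than eyeballing the sorted list.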
External POC / Exploit Code
EUVD-2026-36852
GHSA-xfmm-2ph2-w9fw