Gamipress
Monthly
GamiPress versions 7.6.6 and earlier contain a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated users through maliciously crafted requests. An attacker can exploit this to modify plugin settings, create or delete gamification elements, or alter user data without the target user's knowledge or consent. The vulnerability requires user interaction (clicking a malicious link) but has no authentication requirement for the attack itself, making it a moderate-risk issue suitable for opportunistic exploitation against WordPress administrators.
The The GamiPress - Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode(). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
The GamiPress - Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.0%.
The The GamiPress - Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
GamiPress versions 7.6.6 and earlier contain a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated users through maliciously crafted requests. An attacker can exploit this to modify plugin settings, create or delete gamification elements, or alter user data without the target user's knowledge or consent. The vulnerability requires user interaction (clicking a malicious link) but has no authentication requirement for the attack itself, making it a moderate-risk issue suitable for opportunistic exploitation against WordPress administrators.
The The GamiPress - Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode(). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.
The GamiPress - Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.0%.
The The GamiPress - Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.