Gamipress

Gamipress

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3

CVE-2024-13495

  • EPSS 0.42%
  • Veröffentlicht 22.01.2025 11:15:08
  • Zuletzt bearbeitet 24.01.2025 20:46:53

The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7...

7.5

CVE-2024-13496

  • EPSS 20.37%
  • Veröffentlicht 22.01.2025 11:15:08
  • Zuletzt bearbeitet 24.03.2025 16:15:17

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.3.1 due to insufficient...

7.3

CVE-2024-13499

  • EPSS 0.4%
  • Veröffentlicht 22.01.2025 11:15:08
  • Zuletzt bearbeitet 24.01.2025 20:37:12

The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() function in all versions up to, and including, 7.2.1....

9.8

CVE-2024-11036

  • EPSS 1.84%
  • Veröffentlicht 19.11.2024 11:15:04
  • Zuletzt bearbeitet 04.02.2025 15:44:41

The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and incl...

6.3

CVE-2023-25697

  • EPSS 0.09%
  • Veröffentlicht 19.06.2024 15:15:56
  • Zuletzt bearbeitet 21.11.2024 07:49:57

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 2.5.6.

8.1

CVE-2024-2505

Exploit
  • EPSS 0.72%
  • Veröffentlicht 29.04.2024 06:15:07
  • Zuletzt bearbeitet 08.05.2025 18:24:45

The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settin...

5.4

CVE-2024-2783

  • EPSS 0.2%
  • Veröffentlicht 09.04.2024 19:15:36
  • Zuletzt bearbeitet 04.02.2025 17:24:34

The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to ...

4.3

CVE-2024-30455

  • EPSS 0.16%
  • Veröffentlicht 29.03.2024 17:15:18
  • Zuletzt bearbeitet 31.01.2025 19:59:06

Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5.

8.8

CVE-2024-1799

  • EPSS 0.24%
  • Veröffentlicht 20.03.2024 03:15:08
  • Zuletzt bearbeitet 04.02.2025 20:59:34

The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to...

5.4

CVE-2024-2460

  • EPSS 0.08%
  • Veröffentlicht 20.03.2024 03:15:08
  • Zuletzt bearbeitet 12.03.2025 14:24:36

The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supp...