EUVD-2024-51631

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

GamiPress plugin allows arbitrary shortcode execution by unauthenticated attackers in versions up to 7.2.1

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-13495	22 Jan 202511:15	–	circl
CNNVD	WordPress plugin GamiPress 代码注入漏洞	22 Jan 202500:00	–	cnnvd
CVE	CVE-2024-13495	22 Jan 202511:07	–	cve
Cvelist	CVE-2024-13495 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function	22 Jan 202511:07	–	cvelist
NVD	CVE-2024-13495	22 Jan 202511:15	–	nvd
OSV	CVE-2024-13495	22 Jan 202511:15	–	osv
Patchstack	WordPress GamiPress plugin <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function vulnerability	21 Jan 202522:52	–	patchstack
Positive Technologies	PT-2025-2189 · WordPress · Gamipress	22 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2024-13495	4 Feb 202523:54	–	redhatcve
Vulnrichment	CVE-2024-13495 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function	22 Jan 202511:07	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "85a66210-c135-3ae5-a54b-35157d79f1a1",
        "vendor": {
          "name": "rubengc"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "281db4cc-03f3-3030-9c6a-d67c1e6f2454",
        "product": {
          "name": "GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress"
        },
        "product_version": "* ≤7.2.1"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/55fa8423-9a41-4afe-9401-03d232caa656
wordpress	www.wordpress.org/plugins/gamipress/
plugins	www.plugins.trac.wordpress.org/browser/gamipress/trunk/includes/ajax-functions.php
plugins	www.plugins.trac.wordpress.org/changeset/3226227/

03 Oct 2025 20:07Current

8.9High risk

Vulners AI Score8.9

CVSS 3.17.3

EPSS0.00807

SSVC