213 matches found
CVE-2025-49326
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through = 7.4.5...
CVE-2025-49326 WordPress GamiPress <= 7.4.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia GamiPress allows SQL Injection. This issue affects GamiPress: from n/a through 7.4.5...
CVE-2025-49326 WordPress GamiPress plugin <= 7.4.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through = 7.4.5...
CVE-2025-49326
CVE-2025-49326 refers to a SQL Injection vulnerability in the WordPress plugin GamiPress . The connected Red Hat entry confirms the root cause as "improper neutralization of special elements used in an SQL Command" and notes the issue affects GamiPress versions up to 7.4.5. Wordfence’s vulnerabil...
PT-2025-24250 · Gamipress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress versions n/a through 7.4.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
WordPress plugin GamiPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...
WordPress GamiPress plugin <= 7.4.5 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Nguyen Kim Sang in WordPress Plugin GamiPress versions = 7.4.5...
CVE-2024-30455
Cross-Site Request Forgery CSRF vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5...
CVE-2024-5536
The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipresslink shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-0154
The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-25715
Missing Authorization vulnerability in GamiPress GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6...
CVE-2023-24000
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7...
WordPress GamiPress - Reset User plugin <= 1.0.0 - GamiPress User Data Removal via CSRF vulnerability
WordPress GamiPress - Reset User plugin = 1.0.0 - GamiPress User Data Removal via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin GamiPress - Reset User versions = 1.0.0...
CVE-2024-8245
The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-8245
The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-8245
The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-8245
The CVE concerns the GamiPress WordPress plugin prior to version 1.0.1, where a missing CSRF check when updating settings allows a logged‑in attacker to change settings via a CSRF attack. Affected product: GamiPress WordPress plugin (pre‑1.0.1). Root cause: no CSRF protection on settings updates....
CVE-2024-8245 GamiPress - Reset User <= 1.0.0 - GamiPress User Data Removal via CSRF
The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-8245 GamiPress - Reset User <= 1.0.0 - GamiPress User Data Removal via CSRF
The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin GamiPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...