Lucene search
+L

213 matches found

NVD
NVD
added 2025/06/06 1:15 p.m.5 views

CVE-2025-49326

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through = 7.4.5...

7.6CVSS0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 12:53 p.m.8 views

CVE-2025-49326 WordPress GamiPress <= 7.4.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia GamiPress allows SQL Injection. This issue affects GamiPress: from n/a through 7.4.5...

7.6CVSS7.6AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:53 p.m.15 views

CVE-2025-49326 WordPress GamiPress plugin <= 7.4.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through = 7.4.5...

7.6CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 12:53 p.m.44 views

CVE-2025-49326

CVE-2025-49326 refers to a SQL Injection vulnerability in the WordPress plugin GamiPress . The connected Red Hat entry confirms the root cause as "improper neutralization of special elements used in an SQL Command" and notes the issue affects GamiPress versions up to 7.4.5. Wordfence’s vulnerabil...

7.6CVSS5.9AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.4 views

PT-2025-24250 · Gamipress · Gamipress

Name of the Vulnerable Software and Affected Versions: GamiPress versions n/a through 7.4.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...

7.6CVSS7.7AI score0.00288EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.4 views

WordPress plugin GamiPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...

7.6CVSS7.8AI score0.00288EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/05 12:19 a.m.11 views

WordPress GamiPress plugin <= 7.4.5 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Nguyen Kim Sang in WordPress Plugin GamiPress versions = 7.4.5...

7.6CVSS7.8AI score0.00288EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:5 a.m.10 views

CVE-2024-30455

Cross-Site Request Forgery CSRF vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5...

4.3CVSS8.6AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.6 views

CVE-2024-5536

The GamiPress – Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipresslink shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.5 views

CVE-2023-0154

The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.5AI score0.00695EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:28 a.m.6 views

CVE-2023-25715

Missing Authorization vulnerability in GamiPress GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6...

6.5CVSS7.1AI score0.00506EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:55 a.m.8 views

CVE-2023-24000

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7...

9.8CVSS8.9AI score0.0257EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/19 2:44 a.m.7 views

WordPress GamiPress - Reset User plugin <= 1.0.0 - GamiPress User Data Removal via CSRF vulnerability

WordPress GamiPress - Reset User plugin = 1.0.0 - GamiPress User Data Removal via CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin GamiPress - Reset User versions = 1.0.0...

4.3CVSS7AI score0.00159EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.14 views

CVE-2024-8245

The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS6.8AI score0.00159EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:15 p.m.6 views

CVE-2024-8245

The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS5.8AI score0.00159EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:15 p.m.19 views

CVE-2024-8245

The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS0.00159EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.28 views

CVE-2024-8245

The CVE concerns the GamiPress WordPress plugin prior to version 1.0.1, where a missing CSRF check when updating settings allows a logged‑in attacker to change settings via a CSRF attack. Affected product: GamiPress WordPress plugin (pre‑1.0.1). Root cause: no CSRF protection on settings updates....

4.3CVSS6.8AI score0.00159EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.24 views

CVE-2024-8245 GamiPress - Reset User <= 1.0.0 - GamiPress User Data Removal via CSRF

The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

0.00159EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.10 views

CVE-2024-8245 GamiPress - Reset User <= 1.0.0 - GamiPress User Data Removal via CSRF

The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

7AI score0.00159EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin GamiPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS5AI score0.00159EPSS
Exploits1References1
Rows per page
Query Builder