3 matches found
CVE-2024-13495
creationtimestamp| type| source ---|---|--- 2025-01-22 11:15:42+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgdainic6k2t 2025-01-22 11:44:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lgdc4ay36p2u 2025-01-22 12:01:58+00:00| seen|...
CVE-2024-13495
CVE-2024-13495 affects the WordPress plugin GamiPress – Gamification (versions up to and including 7.2.1). The flaw is in gamipress_ajax_get_logs(), where user-supplied values are not properly validated before do_shortcode is invoked, allowing unauthenticated attackers to execute arbitrary shortc...
CVE-2024-13495 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipressajaxgetlogs function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...