Lucene search
+L

213 matches found

Nuclei
Nuclei
added yesterday23 views

WordPress GamiPress <= 2.5.7 - SQL Injection

The GamiPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.5.7 due to insufficient escaping on the user supplied parameter '$qv$fieldid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

9.8CVSS7AI score0.0257EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday77 views

GamiPress <= 2.8.9 - SQL Injection

GamiPress WordPress plugin version 2.8.9 and below suffers from an SQL injection vulnerability due to insufficient sanitization of user input, allowing attackers to execute arbitrary SQL commands. id: CVE-2024-13496 info: name: GamiPress = 2.8.9 - SQL Injection author: ritikchaddha severity: high...

7.5CVSS7.3AI score0.0215EPSS
Exploits0References2
NVD
NVD
added last week6 views

CVE-2026-13450

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS0.00408EPSS
Exploits0References14
EUVD
EUVD
added 2026/07/09 7:55 a.m.7 views

EUVD-2026-42540

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References14
CVE
CVE
added 2026/07/09 7:55 a.m.15 views

CVE-2026-13450

The CVE describes a vulnerability in the GamiPress WordPress plugin (versions up to 7.9.4) where Insecure Direct Object Reference is triggered via the access parameter due to missing validation on a user-controlled key. This allows unauthenticated attackers to view private GamiPress activity log ...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/07/09 7:55 a.m.28 views

CVE-2026-13450 GamiPress <= 7.9.4 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure via 'access' Parameter

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS0.00408EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/07/09 7:55 a.m.7 views

CVE-2026-13450

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References15
NVD
NVD
added 2026/06/15 9:17 p.m.8 views

CVE-2026-48874

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

8.5CVSS0.00332EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.10 views

EUVD-2026-36852

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.7 views

CVE-2026-48874 WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.30 views

CVE-2026-48874 WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

Subscriber SQL Injection in GamiPress = 7.8.7 versions...

8.5CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.20 views

CVE-2026-48874

The CVE documents an SQL Injection in WordPress GamiPress plugin versions

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/02 1:29 p.m.9 views

WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by kai63001 in WordPress Plugin GamiPress versions = 7.8.7...

8.5CVSS5.9AI score0.00332EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.12 views

CVE-2026-24546

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 8:16 p.m.12 views

CVE-2026-24546

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

5.3CVSS0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/25 7:26 p.m.14 views

EUVD-2026-31723

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1
CVE
CVE
added 2026/05/25 7:26 p.m.26 views

CVE-2026-24546

The CVE covers WordPress GamiPress plugin versions up to 7.6.3 with a Missing Authorization vulnerability, arising from incorrectly configured access control levels. According to the connected data, the issue affects the GamiPress component (WordPress plugin) and is classified as a network-exploi...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/25 7:26 p.m.27 views

CVE-2026-24546 WordPress GamiPress plugin <= 7.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

5.3CVSS0.00295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 7:26 p.m.8 views

CVE-2026-24546

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/25 7:24 p.m.13 views

WordPress GamiPress plugin <= 7.6.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by bosz in WordPress Plugin GamiPress versions = 7.6.3...

5.3CVSS5.8AI score0.00295EPSS
Exploits0Affected Software1
Rows per page
Query Builder