CVE-2025-13192 Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied...

CVE-2025-13192

The CVE-2025-13192 entry describes a generic SQL Injection in the WordPress plugin “Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers” for versions up to 2.2.0. Root cause: insufficient escaping and inadequate query preparation on user-supplied par...

CVE-2025-10861

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.1.4. This is due to insufficient validation on the URLs supplied via the URL parameter...

PT-2025-41363

Name of the Vulnerable Software and Affected Versions Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress versions up to and including 2.1.3 Description The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting...

CVE-2023-25715

Missing Authorization vulnerability in GamiPress GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6...

CVE-2024-8658

The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...