16 matches found
CVE-2023-25697
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through 2.5.6...
EUVD-2025-17246
Malicious code in bioql PyPI...
CVE-2025-49326
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress gamipress allows SQL Injection. This issue affects GamiPress: from n/a through <= 7.4.5...
CVE-2025-49326
CVE-2025-49326 refers to a SQL Injection vulnerability in the WordPress plugin GamiPress. The connected Red Hat entry confirms the root cause as "improper neutralization of special elements used in an SQL Command" and notes the issue affects GamiPress versions up to 7.4.5. Wordfence’s vulnerabil...
CVE-2024-30455
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through 6.8.5...
CVE-2023-25715
Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress. This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through 2.5.6...
PT-2025-21516 · WordPress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress versions prior to 1.0.1 Description: The issue concerns the lack of CSRF check when updating settings, which could allow attackers to make a logged-in administrator change them via a CSRF attack. This could potentially permit...
CVE-2025-47508 WordPress GamiPress <= 7.3.7 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ruben Garcia GamiPress allows PHP Local File Inclusion. This issue affects GamiPress: from n/a through 7.3.7...
CVE-2025-47508
The CVE refers to CVE-2025-47508 affecting WordPress GamiPress plugin versions up to 7.3.7. It is an improper control of filenames for include/require statements (PHP Local File Inclusion that can escalate to PHP Local File Inclusion). Affected product: GamiPress plugin for WordPress (
PT-2025-20132 · Gamipress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress versions n/a through 7.3.7 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File...
CVE-2024-13499
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_do_shortcode function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...
CVE-2024-13496
The CVE-2024-13496 entry affects the GamiPress – Gamification WordPress plugin. It describes a time-based SQL Injection via the orderby parameter in all versions up to 7.3.1 due to insufficient escaping and query preparation, enabling unauthenticated attackers to append SQL and potentially read s...
CVE-2024-13496 GamiPress <= 7.3.1 - Unauthenticated SQL Injection via orderby Parameter
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and la...
CVE-2024-13495 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...
CVE-2024-13499 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_do_shortcode function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...
CVE-2024-13495 GamiPress <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs function in all versions up to, and including, 7.2.1. This is due to the software allowing users to...