WordPress GamiPress Plugin <= 7.1.5 is vulnerable to Broken Access Control

Software GamiPress Type Plugin Vulnerable versions = 7.1.5 Fixed in 7.1.6 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-11036 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 528614ec92ef Credits Arkadiusz Hydzik Required...

WordPress GamiPress Plugin < 6.8.9 is vulnerable to Broken Access Control

Software GamiPress Type Plugin Vulnerable versions 6.8.9 Fixed in 6.8.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2505 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID f5678a31222a Credits cyc707 Required privilege Author...

WordPress GamiPress Plugin <= 6.9.0 is vulnerable to Cross Site Scripting (XSS)

Software GamiPress Type Plugin Vulnerable versions = 6.9.0 Fixed in 6.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2783 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8fbfaab2d300 Credits Krzysztof Zając Required...

WordPress GamiPress Plugin <= 6.8.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software GamiPress Type Plugin Vulnerable versions = 6.8.5 Fixed in 6.8.6 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-30455 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7284ec56cbcf Credits Ananda Dhakal Patchstack Requir...

WordPress GamiPress Plugin <= 6.8.6 is vulnerable to SQL Injection

Software GamiPress Type Plugin Vulnerable versions = 6.8.6 Fixed in 6.8.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1799 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID ee7a36af539b Credits Krzysztof Zając Required privilege Contributor Published...

WordPress GamiPress Plugin <= 2.5.7 is vulnerable to SQL Injection

Software GamiPress Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-24000 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 3c1780f1edaa Credits Dave Jong Patchstack Required privilege...

WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Broken Access Control

Software GamiPress Type Plugin Vulnerable versions = 2.5.6 Fixed in 2.5.7 OWASP Top 10 A2: Broken Authentication Classification Broken Access Control CVE CVE-2023-25715 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 205ff6762061 Credits Dave Jong Patchstack Required...

WordPress GamiPress Plugin <= 2.5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software GamiPress Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0b9794b16d46 Credits N/A Required privilege Unauthenticat...