Browse all 4 CVE security advisories affecting GamiPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GamiPress is a gamification plugin for WordPress that enables users to create point systems, achievements, and leaderboards to engage website visitors. Historically, it has been susceptible to multiple security vulnerabilities, including remote code execution, cross-site scripting, and privilege escalation flaws. The plugin has accumulated four CVE records, with issues often stemming from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities highlights the importance of maintaining updated versions and implementing proper security measures when using this gamification tool.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-25697 | WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability — GamiPressCWE-352 | 5.4 | Medium | 2024-06-19 |
| CVE-2024-30455 | WordPress GamiPress plugin <= 6.8.5 - Cross Site Request Forgery (CSRF) vulnerability — GamiPressCWE-352 | 4.3 | Medium | 2024-03-29 |
| CVE-2023-25715 | WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Broken Access Control — GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPressCWE-862 | 5.4 | Medium | 2023-12-19 |
| CVE-2023-24000 | WordPress GamiPress Plugin <= 2.5.7 is vulnerable to SQL Injection — GamiPressCWE-89 | 8.2 | High | 2023-10-31 |
This page lists every published CVE security advisory associated with GamiPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.