Vulnerabilites related to rubengc - GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress
CVE-2024-13495 (GCVE-0-2024-13495)
Vulnerability from cvelistv5
Published
2025-01-22 11:07
Modified
2025-01-22 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress |
Version: * ≤ 7.2.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:20:35.073635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:20:45.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GamiPress \u2013 Gamification plugin to reward points, achievements, badges \u0026 ranks in WordPress",
"vendor": "rubengc",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Mazzolini"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The GamiPress \u2013 Gamification plugin to reward points, achievements, badges \u0026 ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T11:07:57.323Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/55fa8423-9a41-4afe-9401-03d232caa656?source=cve"
},
{
"url": "https://wordpress.org/plugins/gamipress/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/browser/gamipress/trunk/includes/ajax-functions.php#L39"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3226227/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-21T22:27:55.000+00:00",
"value": "Disclosed"
}
],
"title": "GamiPress \u003c= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13495",
"datePublished": "2025-01-22T11:07:57.323Z",
"dateReserved": "2025-01-16T20:24:24.435Z",
"dateUpdated": "2025-01-22T14:20:45.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13499 (GCVE-0-2024-13499)
Vulnerability from cvelistv5
Published
2025-01-22 11:07
Modified
2025-01-22 14:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
The The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress |
Version: * ≤ 7.2.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:11:49.150299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:11:58.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GamiPress \u2013 Gamification plugin to reward points, achievements, badges \u0026 ranks in WordPress",
"vendor": "rubengc",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "abrahack"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The GamiPress \u2013 Gamification plugin to reward points, achievements, badges \u0026 ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T11:07:57.919Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b30ab159-ff3c-4d46-b182-f8938097b837?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/gamipress/trunk/includes/functions.php"
},
{
"url": "https://plugins.trac.wordpress.org/browser/gamipress/trunk/includes/functions.php#L645"
},
{
"url": "https://wordpress.org/plugins/gamipress/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3226227/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-21T22:51:27.000+00:00",
"value": "Disclosed"
}
],
"title": "GamiPress \u003c= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_do_shortcode() Function"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13499",
"datePublished": "2025-01-22T11:07:57.919Z",
"dateReserved": "2025-01-16T22:14:46.749Z",
"dateUpdated": "2025-01-22T14:11:58.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13496 (GCVE-0-2024-13496)
Vulnerability from cvelistv5
Published
2025-01-22 11:07
Modified
2025-03-24 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: This vulnerability was previously published as being fixed in version 7.2.2 which was incorrect. The correct fixed version is 7.3.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rubengc | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress |
Version: * ≤ 7.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:06:52.853545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:07:04.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GamiPress \u2013 Gamification plugin to reward points, achievements, badges \u0026 ranks in WordPress",
"vendor": "rubengc",
"versions": [
{
"lessThanOrEqual": "7.3.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "abrahack"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GamiPress \u2013 Gamification plugin to reward points, achievements, badges \u0026 ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: This vulnerability was previously published as being fixed in version 7.2.2 which was incorrect. The correct fixed version is 7.3.2."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T15:50:39.128Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea54436c-b623-4049-af19-9995c312476e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/gamipress/trunk/libraries/ct/includes/class-ct-query.php#L160"
},
{
"url": "https://plugins.trac.wordpress.org/browser/gamipress/trunk/includes/ajax-functions.php#L39"
},
{
"url": "https://wordpress.org/plugins/gamipress/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3226227/"
},
{
"url": "https://abrahack.com/posts/gamipress-sqli/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-16T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-01-21T22:24:56.000+00:00",
"value": "Disclosed"
}
],
"title": "GamiPress \u003c= 7.3.1 - Unauthenticated SQL Injection via orderby Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13496",
"datePublished": "2025-01-22T11:07:58.693Z",
"dateReserved": "2025-01-16T20:56:30.376Z",
"dateUpdated": "2025-03-24T15:50:39.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}