cleantalk
Vulnerabilities and Security Researches

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress, CVE-2024-11036

CVE, Research URL

CVE-2024-11036

Home page URL

Security reports for GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Application

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Published on
Nov 19, 2024
Research Description
The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions
Min -, max 7.1.6.
Status
vulnerable
Previous vulnerability researches
GamiPress – Link (CVE-2024-5536) , Jun 07, 2024
GamiPress – Button (CVE-2024-2460) , Jun 06, 2024
GamiPress – Button (98ba15e94d5d1c2d4f99fb15090730d0e1b597a1) , Jun 06, 2024
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress (CVE-2024-1799) , Jun 07, 2024
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress (CVE-2024-2783) , Jun 07, 2024
New vulnerability
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025
EUCookieLaw (CVE-2025-3897) , May 10, 2025
Frontend Login and Registration Blocks (CVE-2025-3605) , May 10, 2025
WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg (CVE-2025-4206) , May 10, 2025
Top 10 – WordPress Popular posts by WebberZone (CVE-2025-47509) , May 09, 2025