cleantalk
Vulnerabilities and Security Researches

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress, CVE-2025-13812

CVE, Research URL

CVE-2025-13812

Home page URL

Security reports for GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Application

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Published on
Jan 06, 2026
Research Description
The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipress_ajax_get_posts and gamipress_ajax_get_users functions in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate users, including their email addresses and to retrieve titles of private posts.
Affected versions
max 7.6.2.
Status
vulnerable
Previous vulnerability researches
GamiPress – Reset User (CVE-2024-8245) , May 19, 2025
GamiPress – Link (CVE-2024-5536) , Jun 07, 2024
GamiPress – Button (CVE-2024-2460) , Jun 06, 2024
GamiPress – Button (98ba15e94d5d1c2d4f99fb15090730d0e1b597a1) , Jun 06, 2024
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress (CVE-2024-1799) , Jun 07, 2024
New vulnerability
B2BKing — Ultimate WooCommerce Wholesale and B2B Solution — Wholesale Order Form, Catalog Mode, Dynamic Pricing & More (CVE-2026-27346) , May 27, 2026
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress (CVE-2026-24546) , May 27, 2026
WP Activity Log (CVE-2026-45435) , May 26, 2026
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2026-48837) , May 26, 2026
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode , May 26, 2026