cleantalk
Vulnerabilities and Security Researches

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress, dfa3b42df40fc51b8dbbeeecd8268087d331e67b

CVE, Research URL

dfa3b42df40fc51b8dbbeeecd8268087d331e67b

Home page URL

Security reports for GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Application

GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress

Published on
Jan 12, 2023
Research Description
GamiPress &#8211; Gamification plugin to reward points, achievements, badges &amp; ranks in WordPress [gamipress] < 2.5.1 GamiPress <= 2.5.0 - Cross-Site Request Forgery The GamiPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the delete function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.5.1.
Status
vulnerable
Previous vulnerability researches
GamiPress &#8211; Reset User (CVE-2024-8245) , May 19, 2025
GamiPress &#8211; Link (CVE-2024-5536) , Jun 07, 2024
GamiPress &#8211; Button (CVE-2024-2460) , Jun 06, 2024
GamiPress &#8211; Button (98ba15e94d5d1c2d4f99fb15090730d0e1b597a1) , Jun 06, 2024
GamiPress &#8211; The #1 gamification plugin to reward points, achievements, badges &amp; ranks in WordPress (CVE-2024-1799) , Jun 07, 2024
New vulnerability
DIOT SCADA with MQTT (CVE-2025-4216) , Jun 16, 2025
Simple Newsletter Plugin &#8211; Noptin (CVE-2025-49871) , Jun 16, 2025
Job Board Manager (CVE-2025-49324) , Jun 16, 2025
Bitly URL Shortener (CVE-2025-30629) , Jun 16, 2025
ACF Onyx Poll (CVE-2025-5841) , Jun 16, 2025