Vulnerabilites related to rubengc - GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress
cve-2024-1799
Vulnerability from cvelistv5
Published
2024-03-20 02:35
Modified
2024-08-01 19:22
Severity ?
EPSS score ?
Summary
The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rubengc | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress |
Version: * ≤ 6.8.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T18:48:22.040Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/f357fe2a-aa24-42cd-ac2c-c948e18a4710?source=cve", }, { tags: [ "x_transferred", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051688%40gamipress&new=3051688%40gamipress&sfp_email=&sfph_mail=", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:gamipress:gamipress:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "gamipress", vendor: "gamipress", versions: [ { lessThanOrEqual: "6.8.6", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-1799", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-01T19:19:38.655021Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-01T19:22:33.403Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", vendor: "rubengc", versions: [ { lessThanOrEqual: "6.8.6", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Krzysztof Zając", }, ], descriptions: [ { lang: "en", value: "The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-20T02:35:42.251Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/f357fe2a-aa24-42cd-ac2c-c948e18a4710?source=cve", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051688%40gamipress&new=3051688%40gamipress&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2024-03-19T00:00:00.000+00:00", value: "Disclosed", }, ], }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-1799", datePublished: "2024-03-20T02:35:42.251Z", dateReserved: "2024-02-22T20:28:46.655Z", dateUpdated: "2024-08-01T19:22:33.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11036
Vulnerability from cvelistv5
Published
2024-11-19 11:02
Modified
2024-11-19 14:29
Severity ?
EPSS score ?
Summary
The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rubengc | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress |
Version: * ≤ 7.1.5 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gamipress:gamipress:-:*:*:*:*:wordpress:*:*", ], defaultStatus: "unaffected", product: "gamipress", vendor: "gamipress", versions: [ { lessThanOrEqual: "7.1.5", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-11036", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T14:28:39.889298Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T14:29:40.512Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", vendor: "rubengc", versions: [ { lessThanOrEqual: "7.1.5", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Arkadiusz Hydzik", }, ], descriptions: [ { lang: "en", value: "The The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-19T11:02:29.496Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/bad0cd3f-88ea-4a1d-b400-0a450b07a546?source=cve", }, { url: "https://plugins.trac.wordpress.org/browser/gamipress/tags/7.1.4/includes/functions.php#L693", }, { url: "https://plugins.trac.wordpress.org/browser/gamipress/tags/7.1.4/includes/functions.php#L702", }, { url: "https://wordpress.org/plugins/gamipress/#developers", }, { url: "https://plugins.trac.wordpress.org/browser/gamipress/", }, ], timeline: [ { lang: "en", time: "2024-11-18T22:31:51.000+00:00", value: "Disclosed", }, ], title: "GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings", }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-11036", datePublished: "2024-11-19T11:02:29.496Z", dateReserved: "2024-11-08T23:26:37.163Z", dateUpdated: "2024-11-19T14:29:40.512Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2783
Vulnerability from cvelistv5
Published
2024-04-09 18:58
Modified
2024-08-01 19:25
Severity ?
EPSS score ?
Summary
The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rubengc | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress |
Version: * ≤ 6.9.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-2783", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-04T15:29:38.092085Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:30:10.772Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T19:25:41.732Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/720a3525-01dd-4cfd-9403-2bc3f87df618?source=cve", }, { tags: [ "x_transferred", ], url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3058859%40gamipress%2Ftrunk&old=3058187%40gamipress%2Ftrunk&sfp_email=&sfph_mail=", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress", vendor: "rubengc", versions: [ { lessThanOrEqual: "6.9.0", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Krzysztof Zając", }, ], descriptions: [ { lang: "en", value: "The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-09T18:58:55.932Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/720a3525-01dd-4cfd-9403-2bc3f87df618?source=cve", }, { url: "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3058859%40gamipress%2Ftrunk&old=3058187%40gamipress%2Ftrunk&sfp_email=&sfph_mail=", }, ], timeline: [ { lang: "en", time: "2024-03-27T00:00:00.000+00:00", value: "Disclosed", }, ], }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2024-2783", datePublished: "2024-04-09T18:58:55.932Z", dateReserved: "2024-03-21T16:03:37.329Z", dateUpdated: "2024-08-01T19:25:41.732Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }