Arbitrary Shortcode Execution in GamiPress by GamiPress
CVE-2024-13495
7.3HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 22 January 2025
What is CVE-2024-13495?
The GamiPress plugin, designed for gamification in WordPress, is susceptible to arbitrary shortcode execution due to inadequate validation in the gamipress_ajax_get_logs() function. This flaw allows unauthenticated attackers to execute arbitrary shortcodes, potentially leading to unauthorized actions or compromises within the WordPress environment. All versions up to and including 7.2.1 are affected, emphasizing the need for users to ensure they are running the latest, secure versions to mitigate this risk.
Affected Version(s)
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress * <= 7.2.1