Stored Cross-Site Scripting Vulnerability in GamiPress Plugin for WordPress
CVE-2024-2783
5.4MEDIUM
Key Information:
- Vendor
Wordpress
- Status
- Vendor
- CVE Published:
- 9 April 2024
What is CVE-2024-2783?
The GamiPress plugin, a popular gamification tool for WordPress, is susceptible to a Stored Cross-Site Scripting vulnerability. This occurs due to inadequate input sanitization and output escaping of user-supplied attributes in its shortcodes. As a result, authenticated users with contributor-level access or higher can exploit the vulnerability, injecting arbitrary web scripts into pages. These injected scripts execute whenever a user visits the affected pages, posing significant security risks. Website owners are urged to update to the latest version and ensure proper sanitization practices are in place.
Affected Version(s)
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress * <= 6.9.0