Local File Inclusion Vulnerability in GamiPress by Ruben Garcia
CVE-2025-47508

7.5HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
7 May 2025

What is CVE-2025-47508?

The GamiPress plugin, developed by Ruben Garcia, has a vulnerable function allowing for Local File Inclusion (LFI) due to improper handling of include/require statements. This flaw enables attackers to manipulate file paths, potentially leading to the execution of arbitrary PHP code. The vulnerability affects the plugin versions up to 7.3.7, making it crucial for site administrators to apply appropriate security measures to mitigate risks associated with unauthorized file access.

Affected Version(s)

GamiPress <= 7.3.7

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

muhammad yudha (Patchstack Alliance)
.