SQL Injection Vulnerability in GamiPress by Ruben Garcia
CVE-2025-49326

7.6HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
6 June 2025

What is CVE-2025-49326?

An SQL Injection vulnerability has been identified in GamiPress, a plugin developed by Ruben Garcia. This flaw arises from improper neutralization of special elements used in SQL commands, enabling attackers to manipulate database queries. If exploited, this vulnerability can lead to unauthorized data access and alterations. It affects all versions of GamiPress up to and including version 7.4.5. Website owners using this plugin should take immediate measures to secure their installations by updating to the latest version.

Affected Version(s)

GamiPress <= 7.4.5

References

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Kim Sang (Patchstack Alliance)
.
CVE-2025-49326 : SQL Injection Vulnerability in GamiPress by Ruben Garcia