- Description
- The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-94
- Hype score
- Not currently trending
🚨 CVE-2024-11036 (Published: 2024-11-19) - A high-severity vulnerability affecting Wordfence. Ensure your WordPress site is updated to the latest version to mitigate risks. For detailed remediation steps, check the full report: https://t.co/VqqBre8FaP #WordPress #Security
@transilienceai
22 Nov 2024
🚨 CVE-2024-11036 (Published: 2024-11-19) - High severity vulnerability in GamiPress. Affects multiple versions. Ensure your site is secure by updating to the latest version. For more details and remediation steps, visit: https://t.co/ViBodbeCIW #WordPress #SecurityAlert
@transilienceai
22 Nov 2024
🚨 CVE-2024-11036 (Published: 2024-11-19) - High severity vulnerability in GamiPress versions prior to 7.1.4. This exploit can compromise your site. 🔒 Remediate by updating to the latest version. For details, check the code here: https://t.co/mU1Dyt3eDB #WordPress #Security
@transilienceai
22 Nov 2024
🚨 CVE-2024-11036 (Published: 2024-11-19) - High severity vulnerability in GamiPress versions prior to 7.1.4. Exploitation could lead to significant security risks. 🔒 Remediation: Update to GamiPress 7.1.4 or later to secure your site. More info: [GamiPress… https://t.co/5XZlqJ4
@transilienceai
22 Nov 2024
🚨 CVE-2024-11036 (Published: 2024-11-19) - Critical vulnerability in GamiPress (GAMIPRESS-2023-001). Affects specific versions. 🛠️ Remediation: Update to the latest version available at [GamiPress Trac](https://t.co/ZtVR2n7U7W) to secure your site! #WordPress #Security… https:/
@transilienceai
22 Nov 2024
CVE-2024-11036 The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode e… https://t.co/YG2YkjtjCo
@CVEnew
19 Nov 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gamipress:gamipress:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49CF7F0B-821E-4179-9722-884F94FDC76C",
            "versionEndExcluding": "7.1.6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]