Primary

Context

GamiPress WordPress Plugin Arbitrary Shortcode Execution Vulnerability

Vulnerability

Patched

A vulnerability exists in the GamiPress WordPress plugin, specifically in versions through 7.2.1, allowing for arbitrary shortcode execution. This issue arises in the gamipress_ajax_get_logs() function, where user-supplied values are not properly validated before being processed by do_shortcode. As a result, unauthenticated users can execute arbitrary shortcodes on the site.

Impact

Exploitation of this vulnerability allows for unauthorized users to execute arbitrary shortcodes, which could lead to various impacts depending on the executed shortcode.

Remediation

Users can update to GamiPress version 7.2.2 or later to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.3

exploitability

9.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.3

exploitability

9.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GamiPress WordPress Plugin Arbitrary Shortcode Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

GamiPress

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating