CVE-2023-24000

HIGH EXPLOITED NUCLEI

GamiPress < 2.5.7 - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-24000 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7.

Nuclei Templates (1)

WordPress GamiPress <= 2.5.7 - SQL Injection
CRITICALVERIFIEDby Shivam Kamboj
FOFA: body="/wp-content/plugins/gamipress/"

References (2)

Core 2

Scores

CVSS v3 8.2
EPSS 0.0257
EPSS Percentile 83.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2026-04-01
CWE
CWE-89
Status published
Products (3)
gamipress/gamipress < 2.5.7
GamiPress/GamiPress < 2.5.7
Ruben Garcia/GamiPress < 2.5.7
Published Oct 31, 2023
Tracked Since Feb 18, 2026