Unknown Gamipress vulnerabilities
3 known vulnerabilities affecting unknown/gamipress.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2024-8245, MEDIUM, CVSS 4.3, CWE-352, fixed in 1.0.1, 2025-05-15
The GamiPress WordPress plugin before 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Sources: cvelistv5, nvd
CVE-2024-2505, HIGH, CVSS 8.1, CWE-284, fixed in 6.8.9, 2024-04-29
The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized user
Sources: cvelistv5, nvd
CVE-2023-0154, MEDIUM, CVSS 5.4, CWE-79, fixed in 1.0.9, 2023-02-06
The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Sources: cvelistv5, nvd