A critical vulnerability, CVE-2024-13496, was discovered in the GamiPress WordPress plugin, potentially impacting numerous WordPress websites that use the plugin for gamification and rewards systems. The unauthenticated SQL injection flaw enabled attackers to manipulate SQL queries, posing a high risk of sensitive data extraction and website compromise. Although there was no immediate evidence of exploitation, the vulnerability, with a CVSS score of 7.5, required urgent attention and patching. The potential losses could have included erosion of customer trust, unauthorized access to personal data, and a resulting threat to the websites' integrity and reputation.
Source: https://cybersecuritynews.com/wordpress-hackers-inject-malicious-sql-queries/
"id": "aut333032525",
"linkid": "automatorwp",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"