CVE-2026-48874

GamiPress · GamiPress

A SQL injection vulnerability in the GamiPress plugin allows authenticated users with the Subscriber role to execute arbitrary SQL commands.

Executive summary

The GamiPress plugin is impacted by a high-severity SQL injection vulnerability that permits authenticated subscribers to compromise database integrity.

Vulnerability

The plugin contains insufficient input sanitization in its database query functions, allowing an authenticated Subscriber to inject malicious SQL commands.

Business impact

Exploitation of this vulnerability may allow an attacker to read or modify sensitive data stored within the WordPress database. A CVSS score of 8.5 indicates that this vulnerability poses a significant risk to the security of the application and its data.

Remediation

Immediate Action: Update GamiPress to the latest patched version as soon as it becomes available.

Proactive Monitoring: Review database logs for suspicious query activity or unusual patterns consistent with SQL injection attempts.

Compensating Controls: Implement a Web Application Firewall (WAF) to detect and block SQL injection attempts at the edge.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations must prioritize patching GamiPress to mitigate this SQL injection risk. Immediate updates are required to ensure the continued security of the platform and its data.