[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqFL0xRtCFJHOe_gIhxB3qFzSUQVRR748H7BvuEtnBJQ":3,"$fMIOQyPCGqxwQ1KPnfcqZuzVSU70KCiYL58y-hz4tfuQ":292,"$foAXTgvbUW2DheT3mibp_1kWgTnjCVL1iJoGIlUGq_SI":296},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":14,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":64,"crawl_stats":38,"alternatives":71,"analysis":134,"fingerprints":273},"gamipress-button","GamiPress – Button","1.0.9","Ruben Garcia","https:\u002F\u002Fprofiles.wordpress.org\u002Frubengc\u002F","\u003Cp>GamiPress – Button let’s you add activity triggers filtered by button clicks adding new activity events on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress\u002F\" title=\"GamiPress\" rel=\"ugc\">GamiPress\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>Note: This add-on is designed to award users for button clicks, if you want to award them for link clicks, then you should check the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress-link\u002F\" title=\"GamiPress - Link\" rel=\"ugc\">GamiPress – Link\u003C\u002Fa> add-on.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FIW9ZcGaWDBM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>New Events\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Click any button: When a user clicks on any button.\u003C\u002Fli>\n\u003Cli>Click a button with a specific ID: When a user clicks on any button with a specific identifier (button id attribute).\u003C\u002Fli>\n\u003Cli>Click a button with a specific Class: When a user clicks on any button with a specific class (button class attribute).\u003C\u002Fli>\n\u003Cli>Get a click on any button: When the post\u002Fcomment author gets clicks on any button.\u003C\u002Fli>\n\u003Cli>Get a click on a button with a specific ID: When the post\u002Fcomment author gets clicks on any button with a specific identifier (button id attribute).\u003C\u002Fli>\n\u003Cli>Get a click on a button with a specific Class: When the post\u002Fcomment author gets clicks on any button with a specific class (button class attribute).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Important: The unique buttons that trigger this activities are the buttons generated by [gamipress_button] shortcode.\u003C\u002Fp>\n","Add activity events based on button clicks generated by [gamipress_button]",1000,20501,60,2,"2025-12-01T15:58:00.000Z","6.9.4","4.4","",[20,21,22,23,24],"button","click","gamification","gamify","gamipress","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress-button\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-button.1.0.9.zip",99,0,"2024-03-19 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33,51],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":29,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":38,"research_status":38,"research_verified":50,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":50,"poc_model_used":38,"poc_verification_depth":38},"CVE-2024-2460","gamipress-button-authenticatedcontributor-stored-cross-site-scripting-via-shortcode","GamiPress – Button \u003C= 1.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode","The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.0.7","1.0.8","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-03-20 02:35:42",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faf39e563-5d88-460d-b02d-1aaa111c89dd?source=api-prod",1,[],false,{"id":52,"url_slug":53,"title":54,"description":55,"plugin_slug":4,"theme_slug":38,"affected_versions":56,"patched_in_version":57,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62,"patch_diff_files":63,"patch_trac_url":38,"research_status":38,"research_verified":50,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":50,"poc_model_used":38,"poc_verification_depth":38},"WF-eedced7b-bda4-4292-8e87-fc3e37e4868b-gamipress-button","gamipress-button-authenticated-contributor-stored-cross-site-scripting-via-shortcode","GamiPress – Button \u003C= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page","\u003C=1.0.4","1.0.5","2023-01-12 00:00:00","2024-01-22 19:56:02",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Feedced7b-bda4-4292-8e87-fc3e37e4868b?source=api-prod",376,[],{"slug":65,"display_name":7,"profile_url":8,"plugin_count":66,"total_installs":67,"avg_security_score":27,"avg_patch_time_days":68,"trust_score":69,"computed_at":70},"rubengc",32,24550,128,78,"2026-05-20T00:16:07.575Z",[72,87,101,112,123],{"slug":73,"name":74,"version":75,"author":7,"author_profile":8,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":14,"last_updated":81,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":82,"homepage":84,"download_link":85,"security_score":27,"vuln_count":48,"unpatched_count":28,"last_vuln_date":86,"fetched_at":30},"gamipress-link","GamiPress – Link","1.1.5","\u003Cp>GamiPress – Link let’s you add activity triggers filtered by link clicks adding new activity events on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress\u002F\" title=\"GamiPress\" rel=\"ugc\">GamiPress\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>Note: This add-on is designed to award users for link clicks, if you want to award them for button clicks, then you should check the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress-button\u002F\" title=\"GamiPress - Button\" rel=\"ugc\">GamiPress – Button\u003C\u002Fa> add-on.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fram4nUN9bHs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>New Events\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Click any link: When an user clicks on any link.\u003C\u002Fli>\n\u003Cli>Click a link with a specific URL: When an user clicks on any link with a specific URL.\u003C\u002Fli>\n\u003Cli>Click a link with a specific ID: When an user clicks on any link with a specific identifier (link id attribute).\u003C\u002Fli>\n\u003Cli>Click a link with a specific Class: When an user clicks on any link with a specific class (link class attribute).\u003C\u002Fli>\n\u003Cli>Get a click on any link: When the post\u002Fcomment author gets clicks on any link.\u003C\u002Fli>\n\u003Cli>Get a click on a link with a specific URL: When the post\u002Fcomment author gets clicks on any link with a specific URL.\u003C\u002Fli>\n\u003Cli>Get a click on a link with a specific ID: When the post\u002Fcomment author gets clicks on any link with a specific identifier (link id attribute).\u003C\u002Fli>\n\u003Cli>Get a click on a link with a specific Class: When the post\u002Fcomment author gets clicks on any link with a specific class (link class attribute).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Important: The unique links that trigger this activities are the links generated by [gamipress_link] shortcode.\u003C\u002Fp>\n","Add activity events based on link clicks generated by [gamipress_link]",800,22761,100,"2025-12-01T16:00:00.000Z",[21,22,23,24,83],"link","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress-link\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-link.1.1.5.zip","2024-06-04 20:43:51",{"slug":88,"name":89,"version":6,"author":7,"author_profile":8,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":28,"num_ratings":28,"last_updated":94,"tested_up_to":95,"requires_at_least":17,"requires_php":18,"tags":96,"homepage":99,"download_link":100,"security_score":80,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"gamipress-leaderboards-include-exclude-users","GamiPress – Leaderboards Include\u002FExclude Users","\u003Cp>GamiPress – Leaderboards Include\u002FExclude Users let’s you include and\u002For exclude users that will be ranked on a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress\u002F\" title=\"GamiPress\" rel=\"ugc\">GamiPress\u003C\u002Fa> leaderboard!\u003C\u002Fp>\n\u003Cp>In addition, plugin includes settings to include and\u002For exclude users by role.\u003C\u002Fp>\n\u003Cp>Important: This plugin requires \u003Ca href=\"https:\u002F\u002Fgamipress.com\u002Fadd-ons\u002Fgamipress-leaderboards\u002F\" title=\"GamiPress - Leaderboards\" rel=\"nofollow ugc\">GamiPress – Leaderboards\u003C\u002Fa> add-on.\u003C\u002Fp>\n","Include or exclude specific users or roles on any leaderboard.",500,14959,"2025-12-01T15:59:00.000Z","6.1.10",[97,22,23,24,98],"achievement","point","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress-leaderboards-include-exclude-users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-leaderboards-include-exclude-users.1.0.9.zip",{"slug":102,"name":103,"version":104,"author":7,"author_profile":8,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":80,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":109,"homepage":110,"download_link":111,"security_score":80,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"gamipress-block-users","GamiPress – Block Users","1.0.2","\u003Cp>GamiPress – Block Users let’s you block users and roles from getting awarded through the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress\u002F\" title=\"GamiPress\" rel=\"ugc\">GamiPress\u003C\u002Fa> awards engine!\u003C\u002Fp>\n\u003Cp>In addition, blocked users activity won’t be registered on logs what makes it ideal for stop registering and awarding undesired user roles like site administrators.\u003C\u002Fp>\n","Block users and roles from getting awarded through the GamiPress awards engine",400,10654,[97,22,23,24,98],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress-block-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-block-users.1.0.2.zip",{"slug":113,"name":114,"version":115,"author":7,"author_profile":8,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":28,"num_ratings":28,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":120,"homepage":121,"download_link":122,"security_score":80,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"gamipress-buddypress-group-leaderboard","GamiPress – BuddyPress Group Leaderboard","1.1.4","\u003Cp>GamiPress – BuddyPress Group Leaderboard let’s you add new tab on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" title=\"BuddyPress\" rel=\"ugc\">BuddyPress\u003C\u002Fa> groups with a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress\u002F\" title=\"GamiPress\" rel=\"ugc\">GamiPress\u003C\u002Fa> leaderboard of group members!\u003C\u002Fp>\n\u003Cp>Through the GamiPress settings you will be able to configure the metrics by which group members should be ranked and the columns to show.\u003C\u002Fp>\n\u003Cp>Important: This plugin requires \u003Ca href=\"https:\u002F\u002Fgamipress.com\u002Fadd-ons\u002Fgamipress-leaderboards\u002F\" title=\"GamiPress - Leaderboards\" rel=\"nofollow ugc\">GamiPress – Leaderboards\u003C\u002Fa> add-on.\u003C\u002Fp>\n","Add a completely configurable tab on BuddyPress groups with a GamiPress leaderboard of group members",300,16501,[97,22,23,24,98],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress-buddypress-group-leaderboard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-buddypress-group-leaderboard.1.1.4.zip",{"slug":124,"name":125,"version":126,"author":7,"author_profile":8,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":80,"num_ratings":48,"last_updated":94,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":131,"homepage":132,"download_link":133,"security_score":80,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"gamipress-emails-by-type","GamiPress – Emails By Type","1.0.3","\u003Cp>GamiPress – Emails By Type let’s you set different emails settings by type for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress\u002F\" title=\"GamiPress\" rel=\"ugc\">GamiPress\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Ability to set achievement and step emails by achievement type.\u003C\u002Fli>\n\u003Cli>Ability to set achievement and step emails by single achievement.\u003C\u002Fli>\n\u003Cli>Ability to set points awards and deductions emails by points type.\u003C\u002Fli>\n\u003Cli>Ability to set rank and rank requirements emails by rank type.\u003C\u002Fli>\n\u003Cli>Ability to set rank and rank requirements emails by single rank.\u003C\u002Fli>\n\u003Cli>Ability to disable any email by achievement type, single achievement, by points type, by rank type or by single rank.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings hierarchy\u003C\u002Fh4>\n\u003Cp>On achievements and ranks, you have the ability to set custom settings by a single item or to the whole type, the settings will be applied in following order:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Single item (achievement or rank) settings -> Type settings (achievement or rank type) -> Emails settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you leave empty the emails settings of a single item then type settings will be applied.\u003Cbr \u002F>\nIf type settings are empty, then will be applied emails setting.\u003C\u002Fp>\n","Set different emails settings by type",200,8276,[97,22,23,24,98],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress-emails-by-type\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-emails-by-type.1.0.3.zip",{"attackSurface":135,"codeSignals":235,"taintFlows":260,"riskAssessment":261,"analyzedAt":272},{"hooks":136,"ajaxHandlers":223,"restRoutes":232,"shortcodes":233,"cronEvents":234,"entryPointCount":14,"unprotectedCount":28},[137,141,145,151,157,161,165,170,174,178,182,188,192,196,200,204,208,212,216,220],{"type":138,"name":139,"callback":139,"file":140,"line":80},"action","admin_notices","gamipress-button.php",{"type":138,"name":142,"callback":143,"file":140,"line":144},"plugins_loaded","GamiPress_Button",205,{"type":146,"name":147,"callback":148,"file":149,"line":150},"filter","gamipress_automatic_updates_plugins","gamipress_button_automatic_updates","includes\\admin.php",26,{"type":146,"name":152,"callback":153,"priority":154,"file":155,"line":156},"gamipress_log_event_trigger_meta_data","gamipress_button_log_event_trigger_meta_data",10,"includes\\logs.php",55,{"type":146,"name":158,"callback":159,"priority":154,"file":155,"line":160},"gamipress_get_user_trigger_count_log_meta","gamipress_button_get_user_trigger_count_log_meta",116,{"type":146,"name":162,"callback":163,"priority":154,"file":155,"line":164},"gamipress_log_extra_data_fields","gamipress_button_log_extra_data_fields",224,{"type":146,"name":166,"callback":167,"priority":154,"file":168,"line":169},"gamipress_requirement_object","gamipress_button_requirement_object","includes\\requirements.php",38,{"type":138,"name":171,"callback":172,"priority":154,"file":168,"line":173},"gamipress_requirement_ui_html_after_achievement_post","gamipress_button_requirement_ui_fields",56,{"type":138,"name":175,"callback":176,"priority":154,"file":168,"line":177},"gamipress_ajax_update_requirement","gamipress_button_ajax_update_requirement",81,{"type":138,"name":179,"callback":180,"priority":154,"file":168,"line":181},"gamipress_requirement_ui_html_after_requirement_title","gamipress_button_shortcode_preview",104,{"type":146,"name":183,"callback":184,"priority":185,"file":186,"line":187},"gamipress_get_triggered_requirements","gamipress_button_filter_triggered_requirements",20,"includes\\rules-engine.php",108,{"type":146,"name":189,"callback":190,"priority":154,"file":186,"line":191},"user_has_access_to_achievement","gamipress_button_user_has_access_to_achievement",137,{"type":138,"name":193,"callback":194,"file":195,"line":150},"init","gamipress_button_register_scripts","includes\\scripts.php",{"type":138,"name":197,"callback":198,"priority":80,"file":195,"line":199},"wp_enqueue_scripts","gamipress_button_enqueue_scripts",48,{"type":138,"name":201,"callback":202,"file":195,"line":203},"admin_init","gamipress_button_admin_register_scripts",64,{"type":138,"name":205,"callback":206,"priority":80,"file":195,"line":207},"admin_enqueue_scripts","gamipress_button_admin_enqueue_scripts",84,{"type":138,"name":193,"callback":209,"file":210,"line":211},"gamipress_register_button_shortcode","includes\\shortcodes\\gamipress_button.php",70,{"type":146,"name":213,"callback":214,"file":215,"line":169},"gamipress_activity_triggers","gamipress_button_activity_triggers","includes\\triggers.php",{"type":146,"name":217,"callback":218,"priority":154,"file":215,"line":219},"gamipress_activity_trigger_label","gamipress_button_activity_trigger_label",76,{"type":146,"name":221,"callback":222,"priority":154,"file":215,"line":187},"gamipress_trigger_get_user_id","gamipress_button_trigger_get_user_id",[224,230],{"action":225,"nopriv":50,"callback":226,"hasNonce":227,"hasCapCheck":50,"file":228,"line":229},"gamipress_button_click","gamipress_ajax_button_click",true,"includes\\ajax-functions.php",86,{"action":225,"nopriv":227,"callback":226,"hasNonce":227,"hasCapCheck":50,"file":228,"line":231},87,[],[],[],{"dangerousFunctions":236,"sqlUsage":237,"outputEscaping":239,"fileOperations":28,"externalRequests":28,"nonceChecks":48,"capabilityChecks":28,"bundledLibraries":259},[],{"prepared":28,"raw":28,"locations":238},[],{"escaped":240,"rawEcho":241,"locations":242},30,9,[243,246,247,249,250,252,254,255,257],{"file":168,"line":244,"context":245},51,"raw output",{"file":168,"line":244,"context":245},{"file":168,"line":248,"context":245},52,{"file":168,"line":248,"context":245},{"file":168,"line":251,"context":245},95,{"file":168,"line":253,"context":245},96,{"file":168,"line":27,"context":245},{"file":210,"line":256,"context":245},109,{"file":210,"line":258,"context":245},110,[],[],{"summary":262,"deductions":263},"The gamipress-button v1.0.9 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in handling SQL queries, exclusively using prepared statements, and avoids file operations and external HTTP requests.  It also includes a nonce check, which is a critical security control. However, several areas raise concerns. The lack of capability checks on AJAX handlers means that any authenticated user, regardless of their role or permissions, could potentially trigger these actions, increasing the attack surface.  While taint analysis showed no critical or high severity flows, the 77% output escaping rate indicates a potential for Cross-Site Scripting (XSS) vulnerabilities, especially with 39 total outputs. The plugin's history of two medium severity CVEs, both related to XSS, further amplifies this concern, suggesting a recurring weakness that needs addressing.  The recent nature of the last vulnerability also highlights the ongoing need for vigilant patching.",[264,266,269],{"reason":265,"points":154},"No capability checks on AJAX handlers",{"reason":267,"points":268},"77% output escaping rate (potential XSS)",6,{"reason":270,"points":271},"Two medium severity CVEs, recent",15,"2026-03-16T19:06:42.648Z",{"wat":274,"direct":283},{"assetPaths":275,"generatorPatterns":278,"scriptPaths":279,"versionParams":280},[276,277],"\u002Fwp-content\u002Fplugins\u002Fgamipress-button\u002Fassets\u002Fjs\u002Fgamipress-button.js","\u002Fwp-content\u002Fplugins\u002Fgamipress-button\u002Fassets\u002Fjs\u002Fgamipress-button.min.js",[],[276,277],[281,282],"gamipress-button\u002Fassets\u002Fjs\u002Fgamipress-button.js?ver=","gamipress-button\u002Fassets\u002Fjs\u002Fgamipress-button.min.js?ver=",{"cssClasses":284,"htmlComments":285,"htmlAttributes":286,"restEndpoints":287,"jsGlobals":288,"shortcodeOutput":290},[],[],[],[],[289],"gamipress_button",[291],"[gamipress_button]",{"error":227,"url":293,"statusCode":294,"statusMessage":295,"message":295},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fgamipress-button\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":154,"versions":297},[298,303,309,317,325,332,341,349,357,366],{"version":6,"download_url":26,"svn_tag_url":299,"released_at":38,"has_diff":50,"diff_files_changed":300,"diff_lines":38,"trac_diff_url":301,"vulnerabilities":302,"is_current":227},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgamipress-button\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgamipress-button%2Ftags%2F1.0.8&new_path=%2Fgamipress-button%2Ftags%2F1.0.9",[],{"version":40,"download_url":304,"svn_tag_url":305,"released_at":38,"has_diff":50,"diff_files_changed":306,"diff_lines":38,"trac_diff_url":307,"vulnerabilities":308,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-button.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgamipress-button\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgamipress-button%2Ftags%2F1.0.7&new_path=%2Fgamipress-button%2Ftags%2F1.0.8",[],{"version":310,"download_url":311,"svn_tag_url":312,"released_at":38,"has_diff":50,"diff_files_changed":313,"diff_lines":38,"trac_diff_url":314,"vulnerabilities":315,"is_current":50},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-button.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgamipress-button\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgamipress-button%2Ftags%2F1.0.6&new_path=%2Fgamipress-button%2Ftags%2F1.0.7",[316],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":318,"download_url":319,"svn_tag_url":320,"released_at":38,"has_diff":50,"diff_files_changed":321,"diff_lines":38,"trac_diff_url":322,"vulnerabilities":323,"is_current":50},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-button.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgamipress-button\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgamipress-button%2Ftags%2F1.0.5&new_path=%2Fgamipress-button%2Ftags%2F1.0.6",[324],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":57,"download_url":326,"svn_tag_url":327,"released_at":38,"has_diff":50,"diff_files_changed":328,"diff_lines":38,"trac_diff_url":329,"vulnerabilities":330,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-button.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgamipress-button\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgamipress-button%2Ftags%2F1.0.4&new_path=%2Fgamipress-button%2Ftags%2F1.0.5",[331],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":333,"download_url":334,"svn_tag_url":335,"released_at":38,"has_diff":50,"diff_files_changed":336,"diff_lines":38,"trac_diff_url":337,"vulnerabilities":338,"is_current":50},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-button.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgamipress-button\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgamipress-button%2Ftags%2F1.0.3&new_path=%2Fgamipress-button%2Ftags%2F1.0.4",[339,340],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"id":52,"url_slug":53,"title":54,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":57},{"version":126,"download_url":342,"svn_tag_url":343,"released_at":38,"has_diff":50,"diff_files_changed":344,"diff_lines":38,"trac_diff_url":345,"vulnerabilities":346,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-button.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgamipress-button\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgamipress-button%2Ftags%2F1.0.2&new_path=%2Fgamipress-button%2Ftags%2F1.0.3",[347,348],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"id":52,"url_slug":53,"title":54,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":57},{"version":104,"download_url":350,"svn_tag_url":351,"released_at":38,"has_diff":50,"diff_files_changed":352,"diff_lines":38,"trac_diff_url":353,"vulnerabilities":354,"is_current":50},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-button.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgamipress-button\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgamipress-button%2Ftags%2F1.0.1&new_path=%2Fgamipress-button%2Ftags%2F1.0.2",[355,356],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"id":52,"url_slug":53,"title":54,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":57},{"version":358,"download_url":359,"svn_tag_url":360,"released_at":38,"has_diff":50,"diff_files_changed":361,"diff_lines":38,"trac_diff_url":362,"vulnerabilities":363,"is_current":50},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-button.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgamipress-button\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgamipress-button%2Ftags%2F1.0.0&new_path=%2Fgamipress-button%2Ftags%2F1.0.1",[364,365],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"id":52,"url_slug":53,"title":54,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":57},{"version":367,"download_url":368,"svn_tag_url":369,"released_at":38,"has_diff":50,"diff_files_changed":370,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":371,"is_current":50},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgamipress-button.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgamipress-button\u002Ftags\u002F1.0.0\u002F",[],[372,373],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"id":52,"url_slug":53,"title":54,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":57}]