Does GamiPress – LearnDash Group Leaderboard have any unpatched vulnerabilities?

No. All known vulnerabilities in GamiPress – LearnDash Group Leaderboard have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is GamiPress – LearnDash Group Leaderboard compatible with WordPress 6.9.4?

According to WordPress.org data, GamiPress – LearnDash Group Leaderboard 1.1.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is GamiPress – LearnDash Group Leaderboard updated?

GamiPress – LearnDash Group Leaderboard was last updated on Dec 1, 2025. Frequent updates are generally a positive security signal.

What is GamiPress – LearnDash Group Leaderboard's security score?

GamiPress – LearnDash Group Leaderboard has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

GamiPress – LearnDash Group Leaderboard Security & Risk Analysis

wordpress.org/plugins/gamipress-learndash-group-leaderboard

Automatically create a GamiPress leaderboard of LearnDash group members

300 active installs v1.1.5 PHP + WP 4.4+ Updated Dec 1, 2025

achievementbadgegamificationgamipresspoint

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is GamiPress – LearnDash Group Leaderboard Safe to Use in 2026?

Generally Safe

Score 100/100

GamiPress – LearnDash Group Leaderboard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The gamipress-learndash-group-leaderboard plugin version 1.1.5 exhibits a mixed security posture. On the positive side, it utilizes prepared statements for all its SQL queries, avoids file operations and external HTTP requests, and has no recorded historical vulnerabilities. This suggests a level of care in its development regarding common database and external interaction risks.

However, significant concerns arise from the static analysis. The plugin presents a single AJAX entry point that lacks any authentication or authorization checks. This is a critical oversight, as it exposes functionality to unauthenticated users, potentially allowing them to trigger actions or retrieve data they shouldn't have access to. Furthermore, only half of the output operations are properly escaped, indicating a potential for cross-site scripting (XSS) vulnerabilities, though the taint analysis did not reveal any specific unsanitized flows.

The absence of any known vulnerabilities historically is a good sign, but it doesn't negate the immediate risks identified in the current version's code. The lack of nonce checks on the AJAX handler is a missed opportunity to further secure this entry point. The plugin's strengths lie in its database interaction and lack of external dependencies, but its security is severely undermined by the unprotected AJAX handler and incomplete output escaping.

Key Concerns

Unprotected AJAX handler
Half of outputs not properly escaped
Missing nonce checks on AJAX

Vulnerabilities

None known

GamiPress – LearnDash Group Leaderboard Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

GamiPress – LearnDash Group Leaderboard Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

50% escaped14 total outputs

Attack Surface

1 unprotected

GamiPress – LearnDash Group Leaderboard Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_gamipress_learndash_group_leaderboard_regenerate_leaderboardsincludes\ajax-functions.php:24

WordPress Hooks 20

actionadmin_noticesgamipress-learndash-group-leaderboard.php:104

actionplugins_loadedgamipress-learndash-group-leaderboard.php:264

filtergamipress_settings_addons_meta_boxesincludes\admin.php:143

actionadd_meta_boxesincludes\admin.php:161

filtergamipress_automatic_updates_pluginsincludes\admin.php:202

filtergamipress_get_block_fieldsincludes\blocks.php:37

filtergamipress_leaderboards_leaderboard_pre_query_varsincludes\content-filters.php:47

filtergamipress_leaderboards_leaderboard_usersincludes\content-filters.php:89

filtergamipress_leaderboards_leaderboard_users_per_pageincludes\content-filters.php:90

filtergamipress_leaderboards_leaderboard_columnsincludes\content-filters.php:91

filtergamipress_leaderboards_leaderboard_metricsincludes\content-filters.php:92

filtergamipress_leaderboards_leaderboard_periodincludes\content-filters.php:93

filtergamipress_leaderboards_leaderboard_period_start_dateincludes\content-filters.php:94

filtergamipress_leaderboards_leaderboard_period_end_dateincludes\content-filters.php:95

actionsave_postincludes\learndash-groups.php:33

actiondelete_postincludes\learndash-groups.php:53

actionadmin_initincludes\scripts.php:30

actionadmin_enqueue_scriptsincludes\scripts.php:65

actioninitincludes\shortcodes\gamipress_learndash_user_groups_leaderboards.php:90

actionwidgets_initincludes\widgets.php:19

Maintenance & Trust

GamiPress – LearnDash Group Leaderboard Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 1, 2025

PHP min version

Downloads12K

Community Trust

Rating0/100

Number of ratings0

Active installs300

Alternatives

GamiPress – LearnDash Group Leaderboard Alternatives

GamiPress – PeepSo Group Leaderboard

gamipress-peepso-group-leaderboard

100

Add a completely configurable tab on PeepSo groups with a GamiPress leaderboard of group members

30 No CVEs

GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress

gamipress

Boost your gamification marketing & reward your users with points, achievements, badges & ranks to increase your site activity & loyalty!

10K 15 CVEs

GamiPress – Leaderboards Include/Exclude Users

gamipress-leaderboards-include-exclude-users

100

Include or exclude specific users or roles on any leaderboard.

500 No CVEs

GamiPress – Block Users

gamipress-block-users

100

Block users and roles from getting awarded through the GamiPress awards engine

400 No CVEs

GamiPress – Reset User

gamipress-reset-user

Reset all user earnings and logs from a single button.

400 1 CVE

Developer Profile

GamiPress – LearnDash Group Leaderboard Developer Profile

Ruben Garcia

30 plugins · 25K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

139 days

View full developer profile

Detection Fingerprints

How We Detect GamiPress – LearnDash Group Leaderboard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gamipress-learndash-group-leaderboard/assets/css/admin.css/wp-content/plugins/gamipress-learndash-group-leaderboard/assets/css/frontend.css/wp-content/plugins/gamipress-learndash-group-leaderboard/assets/js/admin.js/wp-content/plugins/gamipress-learndash-group-leaderboard/assets/js/frontend.js

HTML / DOM Fingerprints

CSS Classes

gamipress-learndash-group-leaderboard-admin-noticegamipress-learndash-group-leaderboard-settings

HTML Comments

Data Attributes

data-learndash-group-iddata-gamipress-leaderboard-iddata-gamipress-learndash-group-leaderboard-nonce

JS Globals

GamiPressLearnDashGroupLeaderboard

Shortcode Output

[glgl_leaderboard]

FAQ