503 matches found
Contest Gallery - Broken Access Control
Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions. id: CVE-2024-43283 info: name: Contest Gallery - Broken Access...
CVE-2026-57662
Contributor SQL Injection in Contest Gallery = 30.0.0 versions...
CVE-2026-57662
The CVE-2026-57662 entry concerns the WordPress Contest Gallery plugin (versions up to and including 30.0.0). The connected documents confirm a SQL Injection vulnerability affecting this plugin, tied to Contest Gallery
CVE-2026-57662
Contributor SQL Injection in Contest Gallery = 30.0.0 versions...
EUVD-2026-39667
Contributor SQL Injection in Contest Gallery = 30.0.0 versions...
CVE-2026-57662 WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability
Contributor SQL Injection in Contest Gallery = 30.0.0 versions...
WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Contest Gallery versions = 30.0.0...
PT-2026-52832
Name of the Vulnerable Software and Affected Versions Contest Gallery versions prior to 30.0.1 Description A SQL Injection issue exists that allows attackers with contributor-level permissions to execute unauthorized database queries remotely. Recommendations Update to a version newer than 30.0.0...
EUVD-2026-37586
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
CVE-2026-12165
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
CVE-2026-12165
CVE-2026-12165 affects the WordPress plugin “Contest Gallery” (versions
EUVD-2026-36980
Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...
CVE-2026-42657
Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...
CVE-2026-42656
Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...
CVE-2026-42660
Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...
CVE-2026-40771
Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...
EUVD-2026-36825
Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...
CVE-2026-42660 WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...
CVE-2026-42660
CVE-2026-42660 affects the WordPress Contest Gallery plugin up to version 28.1.7 . The issue is described as a Sensitive Data Exposure impacting subscribers. Documents provide the vulnerability label and affected version but do not include root cause specifics, exploit details, or concrete remedi...