Contest Gallery - Broken Access Control

Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions. id: CVE-2024-43283 info: name: Contest Gallery - Broken Access...

CVE-2026-57662

Contributor SQL Injection in Contest Gallery = 30.0.0 versions...

CVE-2026-57662

The CVE-2026-57662 entry concerns the WordPress Contest Gallery plugin (versions up to and including 30.0.0). The connected documents confirm a SQL Injection vulnerability affecting this plugin, tied to Contest Gallery

CVE-2026-57662 WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability

Contributor SQL Injection in Contest Gallery = 30.0.0 versions...

EUVD-2026-39667

Contributor SQL Injection in Contest Gallery = 30.0.0 versions...

WordPress Contest Gallery plugin <= 30.0.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Contest Gallery versions = 30.0.0...

EUVD-2026-37586

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

CVE-2026-12165

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

CVE-2026-12165

CVE-2026-12165 affects the WordPress plugin “Contest Gallery” (versions

CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

EUVD-2026-36980

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

CVE-2026-42657

Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...

CVE-2026-42656

Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...

CVE-2026-42660

Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...

CVE-2026-40771

Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...

EUVD-2026-36825

Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...

CVE-2026-42660 WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...

CVE-2026-42660

CVE-2026-42660 affects the WordPress Contest Gallery plugin up to version 28.1.7 . The issue is described as a Sensitive Data Exposure impacting subscribers. Documents provide the vulnerability label and affected version but do not include root cause specifics, exploit details, or concrete remedi...

CVE-2026-42657

CVE-2026-42657 affects the WordPress plugin Contest Gallery (versions ≤ 28.1.7). The entry describes an Unauthenticated Other Vulnerability Type vulnerability in these versions. The available data assign a CVSS v3.1 base score of 5.3 (Medium) with attack vector Network , no required privileges, a...

CVE-2026-42656 WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...