WordPress Contest Gallery plugin <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion vulnerability

Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Contest Gallery versions = 28.1.5...

CVE-2026-4021 Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

CVE-2026-4021

The CVE-2026-4021 entry documents an authentication bypass in the Contest Gallery WordPress plugin up through version 28.1.5. The root cause is a mismatch in the email-to-user-ID flow: users-registry-check-after-email-or-pin-confirmation.php uses the email string in a WHERE ID = %s clause instead...

PT-2025-7533 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The issue seems to be related to a confusion or mix-up regarding vulnerability identifiers. There is a mention of an advisory about a different...

docker: privilege escalation via confusion of usernames and UIDs

It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container...