764 matches found
Contest Gallery - Broken Access Control
Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions. id: CVE-2024-43283 info: name: Contest Gallery - Broken Access...
CVE-2026-42680
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...
CVE-2026-42680 WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...
CVE-2026-42680 WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...
CVE-2026-42680
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...
CVE-2026-42680
CVE-2026-42680 : Affected product is the WordPress plugin Contest Gallery Pro up to version 29.0.1. The vulnerability is an Incorrect Privilege Assignment that allows privilege escalation. The CVSS 3.1 base score is 9.8 (CRITICAL) with attack vector NETWORK, no user interaction, and requires no p...
EUVD-2026-33657
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...
PT-2026-45433
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...
WordPress plugin Contest Gallery Pro has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-8912
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'forminput' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticat...
CVE-2026-8912 Contest Gallery <= 28.1.6 - Unauthenticated SQL Injection
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'forminput' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticat...
CVE-2026-8912
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'forminput' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticat...
EUVD-2026-30893
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'forminput' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticat...
CVE-2026-8912
CVE-2026-8912 affects the Contest Gallery plugin for WordPress up to version 28.1.6. It is an unauthenticated SQL Injection via the form_input parameter in the post_cg_gallery_form_upload AJAX action (cb branch of users-upload-check.php), where $f_input_id is concatenated unquoted into a SQL quer...
CVE-2026-8912 Contest Gallery <= 28.1.6 - Unauthenticated SQL Injection
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'forminput' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the unauthenticat...
WordPress plugin Contest Gallery SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-41885
The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form input' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query inside the...
WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Contest Gallery Pro versions = 29.0.1...
WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin Contest Gallery versions = 28.1.7...
WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability
Other Vulnerability Type vulnerability discovered by endy in WordPress Plugin Contest Gallery versions = 28.1.7...