496 matches found
EUVD-2026-37586
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
CVE-2026-12165
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
CVE-2026-12165
CVE-2026-12165 affects the WordPress plugin “Contest Gallery” (versions
CVE-2026-12165 Contest Gallery <= 30.0.2 - Authenticated (Author+) Privilege Escalation via 'RegistryUserRole' Parameter
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...
Contest Gallery - Broken Access Control
Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions. id: CVE-2024-43283 info: name: Contest Gallery - Broken Access...
EUVD-2026-36980
Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...
CVE-2026-42656
Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...
CVE-2026-42660
Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...
CVE-2026-42657
Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...
CVE-2026-40771
Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...
CVE-2026-42660
CVE-2026-42660 affects the WordPress Contest Gallery plugin up to version 28.1.7 . The issue is described as a Sensitive Data Exposure impacting subscribers. Documents provide the vulnerability label and affected version but do not include root cause specifics, exploit details, or concrete remedi...
CVE-2026-42660 WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...
EUVD-2026-36825
Subscriber Sensitive Data Exposure in Contest Gallery = 28.1.7 versions...
CVE-2026-42656
CVE-2026-42656 affects the WordPress Contest Gallery plugin
CVE-2026-42657
CVE-2026-42657 affects the WordPress plugin Contest Gallery (versions ≤ 28.1.7). The entry describes an Unauthenticated Other Vulnerability Type vulnerability in these versions. The available data assign a CVSS v3.1 base score of 5.3 (Medium) with attack vector Network , no required privileges, a...
EUVD-2026-36822
Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...
CVE-2026-42657 WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in Contest Gallery = 28.1.7 versions...
CVE-2026-42656 WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...
EUVD-2026-36821
Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...
CVE-2026-42656 WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in Contest Gallery = 28.1.6 versions...