
24 matches found

Vulnrichment
added 6 days ago, 4 views

CVE-2026-42656 WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in Contest Gallery <= 28.1.6 versions...

CVSS 6.5 | AI score 5.1 | EPSS 0.00205
Exploits: 0 | References: 1
CVE
added 6 days ago, 5 views

CVE-2026-42657

CVE-2026-42657 affects the WordPress plugin Contest Gallery (versions ≤ 28.1.7). The entry describes an Unauthenticated Other Vulnerability Type vulnerability in these versions. The available data assign a CVSS v3.1 base score of 5.3 (Medium) with attack vector Network, no required privileges, a...

CVSS 5.3 | AI score 5.2 | EPSS 0.00219
Exploits: 0 | References: 1
Packet Storm
added 2026/06/09 12:0 a.m., 42 views

📄 WordPress Contest Gallery 28.1.4 Blind SQL Injection

This Metasploit module targets a remote blind SQL injection vulnerability in WordPress Contest Gallery plugin versions 28.1.4 and earlier. Title: WordPress Contest...

CVSS 7.5 | AI score 5.7 | EPSS 0.00699
Exploits: 4
Packet Storm
added 2026/06/05 12:0 a.m., 39 views

📄 WordPress Contest Gallery 28.1.4 SQL Injection

WordPress Contest Gallery plugin versions 28.1.4 and below suffer from a remote SQL injection vulnerability. Exploit Title: WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection Tested on: Docker - PHP 8.2/Apache + MariaDB WordPress Environment CVE: 2026-3180 """ Description A...

CVSS 7.5 | AI score 5.7 | EPSS 0.00699
Exploits: 4
Patchstack
added 2026/04/29 2:30 p.m., 3 views

WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by endy in WordPress Plugin Contest Gallery versions <= 28.1.6...

AI score 5.8 | EPSS 0.00205
Exploits: 0 | Affected Software: 1
Cvelist
added 2026/03/25 4:14 p.m., 24 views

CVE-2026-25035 WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse. This issue affects Contest Gallery: from n/a through <= 28.1.2.2...

CVSS 9.8 | EPSS 0.00416
Exploits: 0 | References: 1
NVD
added 2026/03/24 12:16 a.m., 1 views

CVE-2026-4021

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

CVSS 8.1 | EPSS 0.00436
Exploits: 0 | References: 6
Patchstack
added 2026/01/09 5:54 p.m., 5 views

WordPress Contest Gallery plugin <= 28.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by lilmingwa13 in WordPress Plugin Contest Gallery versions <= 28.1.1...

CVSS 4.3 | AI score 5.3 | EPSS 0.00197
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/05/22 11:29 p.m., 2 views

CVE-2022-4151

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the optionid GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive...

CVSS 6.5 | AI score 6.5 | EPSS 0.00854
Exploits: 2 | References: 1
RedhatCVE
added 2025/02/05 1:38 a.m., 2 views

CVE-2024-11103

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated...

CVSS 9.8 | AI score 7.5 | EPSS 0.00732
Exploits: 0 | References: 1
Vulnrichment
added 2024/11/28 9:47 a.m., 10 views

CVE-2024-11103 Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated...

CVSS 9.8 | AI score 7.5 | EPSS 0.00732
Exploits: 0 | References: 4
Patchstack
added 2024/11/27 12:0 a.m., 18 views

WordPress Contest Gallery Plugin <= 24.0.7 is vulnerable to Privilege Escalation

Software: Contest Gallery | Type: Plugin | Vulnerable versions: <= 24.0.7 | Fixed in: 24.0.8 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2024-11103 | Patch priority: High | CVSS severity: High 9.8 | Developer: Wasiliy Strecker | PSID: 917060960355 | Credits...

AI score 6.5 | EPSS 0.00732
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/11/04 12:0 a.m., 13 views

WordPress Contest Gallery Plugin <= 24.0.3 is vulnerable to SQL Injection

Software: Contest Gallery | Type: Plugin | Vulnerable versions: <= 24.0.3 | Fixed in: 24.0.4 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-10687 | Patch priority: High | CVSS severity: High 9.3 | Developer: Wasiliy Strecker | PSID: 3e91b10a855a | Credits: shaman0x01 | Required privilege: Unauthenticate...

CVSS 9.8 | AI score 6.9 | EPSS 0.00635
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2024/08/16 10:6 a.m., 5 views

WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability

Unauthenticated Comment UserID And IP address Disclosure vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Contest Gallery versions <= 23.1.2...

CVSS 7.5 | AI score 7 | EPSS 0.01104
Exploits: 0 | Affected Software: 1
Patchstack
added 2024/07/24 12:0 a.m., 11 views

WordPress Contest Gallery Plugin <= 23.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Contest Gallery | Type: Plugin | Vulnerable versions: <= 23.1.2 | Fixed in: 23.1.3 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-39631 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Wasiliy Strecker | PSID: e98eae916e49 | Credits: CatFather | Required privilege...

CVSS 7.1 | AI score 6.6 | EPSS 0.0029
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/04/22 12:0 a.m., 13 views

WordPress Contest Gallery Plugin <= 21.3.4 is vulnerable to Arbitrary File Deletion

Software: Contest Gallery | Type: Plugin | Vulnerable versions: <= 21.3.4 | Fixed in: 21.3.5 | OWASP Top 10: A4: Insecure Design | Classification: Arbitrary File Deletion | CVE: CVE-2024-32778 | Patch priority: Medium | CVSS severity: Medium 8.5 | Developer: Wasiliy Strecker | PSID: 759fb50a3c46 | Credits: CatFather | Required...

CVSS 8.5 | AI score 6.5 | EPSS 0.00612
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/03/28 12:0 a.m., 9 views

WordPress Contest Gallery Plugin <= 24.0.3 is vulnerable to Cross Site Scripting (XSS)

Software: Contest Gallery | Type: Plugin | Vulnerable versions: <= 24.0.3 | Fixed in: 24.0.4 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting XSS | CVE: CVE-2024-30428 | Patch priority: Medium | CVSS severity: Medium 7.1 | Developer: Wasiliy Strecker | PSID: 36b896a600a2 | Credits: Dimas Maulana | Required...

CVSS 7.1 | AI score 6.5 | EPSS 0.00426
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/03/26 12:0 a.m., 7 views

WordPress Contest Gallery Plugin <= 21.3.2 is vulnerable to SQL Injection

Software: Contest Gallery | Type: Plugin | Vulnerable versions: <= 21.3.2 | Fixed in: 21.3.2.1 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-30238 | Patch priority: Low | CVSS severity: Low 8.5 | Developer: Wasiliy Strecker | PSID: 958738d19609 | Credits: LVT-tholv2k | Required privilege: Contributor...

CVSS 8.8 | AI score 6.9 | EPSS 0.00631
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/03/26 12:0 a.m., 9 views

WordPress Contest Gallery Plugin <= 21.3.4 is vulnerable to SQL Injection

Software: Contest Gallery | Type: Plugin | Vulnerable versions: <= 21.3.4 | Fixed in: 21.3.5 | OWASP Top 10: A3: Injection | Classification: SQL Injection | CVE: CVE-2024-30236 | Patch priority: Low | CVSS severity: Low 8.5 | Developer: Wasiliy Strecker | PSID: 03348ec935e2 | Credits: Emili Castells | Required privilege: Contributor...

CVSS 9.9 | AI score 6.9 | EPSS 0.00631
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2024/03/12 12:0 a.m., 7 views

WordPress Contest Gallery Plugin < 21.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: Contest Gallery | Type: Plugin | Vulnerable versions: < 21.3.1 | Fixed in: 21.3.1 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2024-1487 | Patch priority: Low | CVSS severity: Low 6.5 | Developer: Wasiliy Strecker | PSID: 898230946609 | Credits: Giulio - Mistborn...

AI score 6 | EPSS 0.00398
Exploits: 1 | References: 3 | Affected Software: 1