6 matches found

Vulnrichment
added 2024/11/28 9:47 a.m., 10 views

CVE-2024-11103 Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated...

CVSS 9.8 | AI score 7.5 | EPSS 0.00732
Exploits: 0 | References: 4

Patchstack
added 2024/07/24 12:00 a.m., 11 views

WordPress Contest Gallery Plugin <= 23.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Contest Gallery; Type: Plugin; Vulnerable versions: <= 23.1.2; Fixed in: 23.1.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-39631; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Wasiliy Strecker; PSID: e98eae916e49; Credits: CatFather; Required privilege...

CVSS 7.1 | AI score 6.6 | EPSS 0.0029
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/04/22 12:00 a.m., 13 views

WordPress Contest Gallery Plugin <= 21.3.4 is vulnerable to Arbitrary File Deletion

Software: Contest Gallery; Type: Plugin; Vulnerable versions: <= 21.3.4; Fixed in: 21.3.5; OWASP Top 10: A4: Insecure Design; Classification: Arbitrary File Deletion; CVE: CVE-2024-32778; Patch priority: Medium; CVSS severity: Medium (8.5); Developer: Wasiliy Strecker; PSID: 759fb50a3c46; Credits: CatFather; Required...

CVSS 8.5 | AI score 6.5 | EPSS 0.00612
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/03/12 12:00 a.m., 7 views

WordPress Contest Gallery Plugin < 21.3.1 is vulnerable to Cross Site Scripting (XSS)

Software: Contest Gallery; Type: Plugin; Vulnerable versions: < 21.3.1; Fixed in: 21.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1487; Patch priority: Low; CVSS severity: Low (6.5); Developer: Wasiliy Strecker; PSID: 898230946609; Credits: Giulio - Mistborn...

AI score 6 | EPSS 0.00398
Exploits: 1 | References: 3 | Affected Software: 1

Patchstack
added 2023/03/27 12:00 a.m., 8 views

WordPress Contest Gallery Plugin <= 21.1.2 is vulnerable to Cross Site Scripting (XSS)

Software: Contest Gallery; Type: Plugin; Vulnerable versions: <= 21.1.2; Fixed in: 21.1.2.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28784; Patch priority: Low; CVSS severity: Low (7.1); Developer: Wasiliy Strecker; PSID: 82f127cf2bbc; Credits: thiennv; Required...

CVSS 7.1 | AI score 5.7 | EPSS 0.00382
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/11/23 12:00 a.m., 22 views

WordPress Contest Gallery plugin <= 13.1.0.9 - Unauth. Stored Cross-Site Scripting (XSS) vulnerability

Unauth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Contest Gallery plugin (versions <= 13.1.0.9). Solution: Update the WordPress Contest Gallery plugin to the latest available version (at least 14.0.0)...

AI score 3.1 | EPSS 0.00406
Exploits: 0 | Affected Software: 1