Contest Gallery Security Vulnerabilities and Issues — Contest Gallery CVE List

Lucene search

Contest-galleryContest Gallery

4 matches found

CVE•added 2022/04/18 5:15 p.m.•71 views

CVE-2022-27853

Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin)

4.8CVSS4.9AI score0.00319EPSS

CVE•added 2022/12/26 1:15 p.m.•67 views

CVE-2022-4154

The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive inf...

4.9CVSS5.1AI score0.00314EPSS

CVE•added 2022/12/26 1:15 p.m.•53 views

CVE-2022-4155

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite ...

4.9CVSS5.1AI score0.00289EPSS

CVE•added 2022/12/26 1:15 p.m.•49 views

CVE-2022-4157

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges (i.e. on multisite W...

4.9CVSS5.1AI score0.01152EPSS