CVE-2026-3180
- EPSS 0.08%
- Published 02.03.2026 17:23:36
- Last modified 02.03.2026 20:29:29
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ‘cgl_mail’ parameter in all versions up to, and including, 28.1.4 due to insu...
CVE-2025-12849
- EPSS 0.15%
- Published 15.11.2025 06:41:31
- Last modified 18.11.2025 14:06:55
The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the `cg_check_wp_admin_upload_v10` AJAX action for both authenticated and unauthenticat...
CVE-2025-11254
- EPSS 0.18%
- Published 11.10.2025 08:29:16
- Last modified 14.10.2025 19:36:59
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attackers to embed u...
CVE-2025-10383
- EPSS 0.03%
- Published 04.10.2025 03:33:31
- Last modified 06.10.2025 14:56:47
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple form field parameters in all versions up to, and including, 27.0.2. This is due to insufficient input sani...
CVE-2025-3862
- EPSS 0.2%
- Published 08.05.2025 11:13:44
- Last modified 04.06.2025 22:57:04
Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-1513
- EPSS 0.52%
- Published 28.02.2025 06:15:25
- Last modified 06.03.2025 17:52:55
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Name and Comment field when co...
CVE-2025-22693
- EPSS 0.12%
- Published 03.02.2025 15:15:19
- Last modified 15.04.2025 19:58:46
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery Contest Gallery allows SQL Injection. This issue affects Contest Gallery: from n/a through 25.1.0.
CVE-2024-56237
- EPSS 0.1%
- Published 02.01.2025 12:15:24
- Last modified 03.04.2025 14:31:20
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 24.0.3.
CVE-2024-11103
- EPSS 0.16%
- Published 28.11.2024 10:15:06
- Last modified 11.04.2025 14:56:31
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. Th...
CVE-2024-10687
- EPSS 0.53%
- Published 05.11.2024 10:15:24
- Last modified 08.11.2024 15:26:52
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up ...