Contest-gallery

Contest Gallery

41 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-43283

  • EPSS 23.68%
  • Veröffentlicht 26.08.2024 16:15:09
  • Zuletzt bearbeitet 01.04.2026 16:17:43

Insertion of Sensitive Information Into Sent Data vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 23.1.2.

6.1

CVE-2024-39631

  • EPSS 0.65%
  • Veröffentlicht 01.08.2024 23:15:51
  • Zuletzt bearbeitet 01.04.2026 16:17:38

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 23.1.2.

8.1

CVE-2024-32778

  • EPSS 0.43%
  • Veröffentlicht 09.06.2024 13:15:50
  • Zuletzt bearbeitet 01.04.2026 16:17:06

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4.

6.1

CVE-2024-30428

  • EPSS 0.28%
  • Veröffentlicht 29.03.2024 14:15:09
  • Zuletzt bearbeitet 01.04.2026 16:16:55

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Reflected XSS.This issue affects Contest Gallery: from n/a throug...

9.9

CVE-2024-30236

  • EPSS 0.71%
  • Veröffentlicht 28.03.2024 05:15:51
  • Zuletzt bearbeitet 01.04.2026 16:16:54

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4.

8.8

CVE-2024-30238

  • EPSS 0.77%
  • Veröffentlicht 27.03.2024 14:15:13
  • Zuletzt bearbeitet 01.04.2026 16:16:54

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2.

5.4

CVE-2024-1487

  • EPSS 0.27%
  • Veröffentlicht 11.03.2024 18:15:18
  • Zuletzt bearbeitet 01.04.2025 15:44:13

The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.

8.8

CVE-2024-24887

  • EPSS 0.05%
  • Veröffentlicht 12.02.2024 09:15:12
  • Zuletzt bearbeitet 21.11.2024 08:59:55

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload F...

6.1

CVE-2023-5307

Exploit
  • EPSS 1.02%
  • Veröffentlicht 31.10.2023 14:15:12
  • Zuletzt bearbeitet 22.04.2025 20:15:27

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.

6.1

CVE-2023-28784

  • EPSS 0.12%
  • Veröffentlicht 22.06.2023 12:15:11
  • Zuletzt bearbeitet 21.11.2024 07:56:00

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.