Contest-gallery Contest_gallery
37 CVEs affecting Contest-gallery Contest_gallery. Latest disclosed: 2025-05-08. Critical: 2, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-11103 | Critical | 9.8 | 2024-11-28 | The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due t… |
| CVE-2024-10687 | Critical | 9.8 | 2024-11-05 | The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is… |
| CVE-2019-5974 | High | 8.8 | 2019-07-05 | Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrat… |
| CVE-2024-30236 | High | 8.5 | 2024-03-28 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Galle… |
| CVE-2024-30238 | High | 8.5 | 2024-03-27 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Galle… |
| CVE-2024-32778 | High | 7.7 | 2024-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery con… |
| CVE-2025-22693 | High | 7.6 | 2025-02-03 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Galle… |
| CVE-2022-36394 | High | 7.6 | 2022-08-23 | Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. |
| CVE-2022-4158 | High | 7.5 | 2022-12-26 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before co… |
| CVE-2022-4156 | High | 7.5 | 2022-12-26 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before conc… |
| CVE-2025-1513 | High | 7.2 | 2025-02-28 | The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for Wo… |
| CVE-2024-39631 | High | 7.1 | 2024-08-01 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Galle… |
| CVE-2024-30428 | High | 7.1 | 2024-03-29 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Galle… |
| CVE-2023-28784 | High | 7.1 | 2023-06-22 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions. |
| CVE-2022-4166 | Medium | 6.5 | 2022-12-26 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before co… |
| CVE-2022-4165 | Medium | 6.5 | 2022-12-26 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before con… |
| CVE-2022-4164 | Medium | 6.5 | 2022-12-26 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_multiple_files_for_post POST pa… |
| CVE-2022-4163 | Medium | 6.5 | 2022-12-26 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_deactivate and cg_activate POST… |
| CVE-2022-4162 | Medium | 6.5 | 2022-12-26 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_row POST parameter before conca… |
| CVE-2022-4161 | Medium | 6.5 | 2022-12-26 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter befor… |