Contest-gallery Contest_gallery

37 CVEs affecting Contest-gallery Contest_gallery. Latest disclosed: 2025-05-08. Critical: 2, High: 12.

Top CVEs affecting Contest-gallery Contest_gallery
CVESeverityScorePublishedSummary
CVE-2024-11103Critical9.82024-11-28The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due t…
CVE-2024-10687Critical9.82024-11-05The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is…
CVE-2019-5974High8.82019-07-05Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrat…
CVE-2024-30236High8.52024-03-28Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Galle…
CVE-2024-30238High8.52024-03-27Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Galle…
CVE-2024-32778High7.72024-06-09Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery con…
CVE-2025-22693High7.62025-02-03Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Galle…
CVE-2022-36394High7.62022-08-23Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
CVE-2022-4158High7.52022-12-26The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before co…
CVE-2022-4156High7.52022-12-26The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before conc…
CVE-2025-1513High7.22025-02-28The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for Wo…
CVE-2024-39631High7.12024-08-01Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Galle…
CVE-2024-30428High7.12024-03-29Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Galle…
CVE-2023-28784High7.12023-06-22Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.
CVE-2022-4166Medium6.52022-12-26The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before co…
CVE-2022-4165Medium6.52022-12-26The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before con…
CVE-2022-4164Medium6.52022-12-26The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_multiple_files_for_post POST pa…
CVE-2022-4163Medium6.52022-12-26The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_deactivate and cg_activate POST…
CVE-2022-4162Medium6.52022-12-26The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_row POST parameter before conca…
CVE-2022-4161Medium6.52022-12-26The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter befor…