Vulnerabilities > Contest Gallery
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-28 | CVE-2025-1513 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery: The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Name and Comment field when commenting on photo gallery entries in all versions up to, and including, 26.0.0.1 due to insufficient input sanitization and output escaping. | 6.1 |
2025-01-02 | CVE-2024-56237 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 24.0.3. | 4.8 |
2024-11-05 | CVE-2024-10687 | SQL Injection vulnerability in Contest-Gallery Contest Gallery: The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-08-26 | CVE-2024-43283 | Information Exposure vulnerability in Contest-Gallery Contest Gallery: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 23.1.2. | 7.5 |
2024-08-01 | CVE-2024-39631 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 23.1.2. | 6.1 |
2024-06-09 | CVE-2024-32778 | Unspecified vulnerability in Contest-Gallery Contest Gallery: Missing Authorization vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.4. | 8.1 |
2024-03-29 | CVE-2024-30428 | Unspecified vulnerability in Contest-Gallery Contest Gallery: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery allows Reflected XSS. This issue affects Contest Gallery: from n/a through 21.3.5. | 6.1 |
2024-03-28 | CVE-2024-30236 | Unspecified vulnerability in Contest-Gallery Contest Gallery: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.4. | 9.9 |
2024-03-27 | CVE-2024-30238 | Unspecified vulnerability in Contest-Gallery Contest Gallery: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.2. | 8.8 |
2024-03-11 | CVE-2024-1487 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery: The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks. | 5.4 |