Vulnerabilities > Contest Gallery

DATE CVE VULNERABILITY TITLE RISK
2024-08-01 CVE-2024-39631 Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 23.1.2.
network
low complexity
contest-gallery CWE-79
6.1
2024-02-12 CVE-2024-24887 Cross-Site Request Forgery (CSRF) vulnerability in Contest-Gallery Contest Gallery
Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4.
network
low complexity
contest-gallery CWE-352
8.8
2023-10-31 CVE-2023-5307 Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery
The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.
network
low complexity
contest-gallery CWE-79
6.1
2023-06-22 CVE-2023-28784 Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery
Unauth.
network
low complexity
contest-gallery CWE-79
6.1
2022-12-26 CVE-2022-4150 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php.
network
low complexity
contest-gallery
6.5
2022-12-26 CVE-2022-4151 SQL Injection vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id GET parameter before concatenating it to an SQL query in export-images-data.php.
network
low complexity
contest-gallery CWE-89
6.5
2022-12-26 CVE-2022-4152 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the option_id POST parameter before concatenating it to an SQL query in edit-options.php.
network
low complexity
contest-gallery
6.5
2022-12-26 CVE-2022-4153 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload[] POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php.
network
low complexity
contest-gallery
6.5
2022-12-26 CVE-2022-4154 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php.
network
low complexity
contest-gallery
4.9
2022-12-26 CVE-2022-4155 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php.
network
low complexity
contest-gallery
4.9