Vulnerabilities > Contest Gallery
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-05 | CVE-2024-10687 | SQL Injection vulnerability in Contest-Gallery Contest Gallery The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
| 2024-08-01 | CVE-2024-39631 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 23.1.2. | 6.1 |
| 2024-02-12 | CVE-2024-24887 | Cross-Site Request Forgery (CSRF) vulnerability in Contest-Gallery Contest Gallery Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. | 8.8 |
| 2023-10-31 | CVE-2023-5307 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. | 6.1 |
| 2023-06-22 | CVE-2023-28784 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery Unauth. | 6.1 |
| 2022-12-26 | CVE-2022-4150 | Unspecified vulnerability in Contest-Gallery Contest Gallery The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. | 6.5 |
| 2022-12-26 | CVE-2022-4151 | SQL Injection vulnerability in Contest-Gallery Contest Gallery The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id GET parameter before concatenating it to an SQL query in export-images-data.php. | 6.5 |
| 2022-12-26 | CVE-2022-4152 | Unspecified vulnerability in Contest-Gallery Contest Gallery The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the option_id POST parameter before concatenating it to an SQL query in edit-options.php. | 6.5 |
| 2022-12-26 | CVE-2022-4153 | Unspecified vulnerability in Contest-Gallery Contest Gallery The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload[] POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. | 6.5 |
| 2022-12-26 | CVE-2022-4154 | Unspecified vulnerability in Contest-Gallery Contest Gallery The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. | 4.9 |