Vulnerabilities > Contest Gallery

DATE CVE VULNERABILITY TITLE RISK
2022-12-26 CVE-2022-4155 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php.
network
low complexity
contest-gallery
4.9
2022-12-26 CVE-2022-4156 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before concatenating it to an SQL query in ajax-functions-backend.php.
network
low complexity
contest-gallery
7.5
2022-12-26 CVE-2022-4157 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php.
network
low complexity
contest-gallery
4.9
2022-12-26 CVE-2022-4158 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php.
network
low complexity
contest-gallery
7.5
2022-12-26 CVE-2022-4159 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_id POST parameter before concatenating it to an SQL query in 0_change-gallery.php.
network
low complexity
contest-gallery
6.5
2022-12-26 CVE-2022-4160 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_id POST parameter before concatenating it to an SQL query in cg-copy-comments.php and cg-copy-rating.php.
network
low complexity
contest-gallery
6.5
2022-12-26 CVE-2022-4161 SQL Injection vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php.
network
low complexity
contest-gallery CWE-89
6.5
2022-12-26 CVE-2022-4162 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_row POST parameter before concatenating it to an SQL query in 3_row-order.php.
network
low complexity
contest-gallery
6.5
2022-12-26 CVE-2022-4163 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_deactivate and cg_activate POST parameters before concatenating it to an SQL query in 2_deactivate.php and 4_activate.php, respectively.
network
low complexity
contest-gallery
6.5
2022-12-26 CVE-2022-4164 Unspecified vulnerability in Contest-Gallery Contest Gallery
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_multiple_files_for_post POST parameter before concatenating it to an SQL query in 0_change-gallery.php.
network
low complexity
contest-gallery
6.5