Vulnerabilities > Contest Gallery > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-03 | CVE-2025-22693 | SQL Injection vulnerability in Contest-Gallery Contest Gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery Contest Gallery allows SQL Injection. | 7.2 |
| 2024-08-26 | CVE-2024-43283 | Information Exposure vulnerability in Contest-Gallery Contest Gallery Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 23.1.2. | 7.5 |
| 2024-06-09 | CVE-2024-32778 | Unspecified vulnerability in Contest-Gallery Contest Gallery Missing Authorization vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4. | 8.1 |
| 2024-03-27 | CVE-2024-30238 | Unspecified vulnerability in Contest-Gallery Contest Gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.2. | 8.8 |
| 2024-02-12 | CVE-2024-24887 | Unspecified vulnerability in Contest-Gallery Contest Gallery Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. | 8.8 |
| 2022-12-26 | CVE-2022-4156 | Unspecified vulnerability in Contest-Gallery Contest Gallery The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the user_id POST parameter before concatenating it to an SQL query in ajax-functions-backend.php. | 7.5 |
| 2022-12-26 | CVE-2022-4158 | Unspecified vulnerability in Contest-Gallery Contest Gallery The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_Fields POST parameter before concatenating it to an SQL query in users-registry-check-registering-and-login.php. | 7.5 |
| 2022-08-23 | CVE-2022-36394 | Unspecified vulnerability in Contest-Gallery Contest Gallery Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. | 8.8 |
| 2019-07-05 | CVE-2019-5974 | Cross-Site Request Forgery (CSRF) vulnerability in Contest-Gallery Contest Gallery Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |