Vulnerabilities > Contest Gallery > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-01 | CVE-2024-39631 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 23.1.2. | 6.1 |
2023-10-31 | CVE-2023-5307 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery. The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. | 6.1 |
2023-06-22 | CVE-2023-28784 | Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery. Unauth. | 6.1 |
2022-12-26 | CVE-2022-4150 | Unspecified vulnerability in Contest-Gallery Contest Gallery. The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. | 6.5 |
2022-12-26 | CVE-2022-4151 | SQL Injection vulnerability in Contest-Gallery Contest Gallery. The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id GET parameter before concatenating it to an SQL query in export-images-data.php. | 6.5 |
2022-12-26 | CVE-2022-4152 | Unspecified vulnerability in Contest-Gallery Contest Gallery. The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the option_id POST parameter before concatenating it to an SQL query in edit-options.php. | 6.5 |
2022-12-26 | CVE-2022-4153 | Unspecified vulnerability in Contest-Gallery Contest Gallery. The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the upload[] POST parameter before concatenating it to an SQL query in get-data-create-upload-v10.php. | 6.5 |
2022-12-26 | CVE-2022-4154 | Unspecified vulnerability in Contest-Gallery Contest Gallery. The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. | 4.9 |
2022-12-26 | CVE-2022-4155 | Unspecified vulnerability in Contest-Gallery Contest Gallery. The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. | 4.9 |
2022-12-26 | CVE-2022-4157 | Unspecified vulnerability in Contest-Gallery Contest Gallery. The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php. | 4.9 |