Vulnerabilities (CVE)

Filtered by vendor Contest-gallery Subscribe
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4165 1 Contest-gallery 1 Contest Gallery 2024-02-28 N/A 6.5 MEDIUM
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2022-4150 1 Contest-gallery 1 Contest Gallery 2024-02-28 N/A 6.5 MEDIUM
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.
CVE-2022-36394 1 Contest-gallery 1 Contest Gallery 2024-02-28 N/A 8.8 HIGH
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
CVE-2022-27853 1 Contest-gallery 1 Contest Gallery 2024-02-28 3.5 LOW 4.8 MEDIUM
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9
CVE-2019-5974 1 Contest-gallery 1 Contest Gallery 2024-02-28 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Contest Gallery versions prior to 10.4.5 allows remote attackers to hijack the authentication of administrators via unspecified vectors.