Vulnerabilities (CVE)

Filtered by vendor Contest Gallery Subscribe
Filtered by product Contest Gallery
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24915 1 Contest Gallery 1 Contest Gallery 2024-02-28 7.5 HIGH 9.8 CRITICAL
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address