Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Contest_gallery
(Contest\-Gallery)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-01 | CVE-2024-39631 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 23.1.2. | Contest_gallery | 6.1 | ||
| 2023-10-31 | CVE-2023-5307 | The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. | Contest_gallery | 6.1 | ||
| 2022-12-06 | CVE-2022-45848 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress. | Contest_gallery | 6.1 | ||
| 2022-12-26 | CVE-2022-4150 | The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | Contest_gallery | 6.5 |