Product:

Contest_gallery

(Contest\-Gallery)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 26
Date Id Summary Products Score Patch Annotated
2022-04-18 CVE-2022-27853 Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 Contest_gallery 4.8
2022-08-23 CVE-2022-36394 Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. Contest_gallery 8.8
2022-12-06 CVE-2022-45848 Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on WordPress. Contest_gallery 6.1
2022-12-26 CVE-2022-4150 The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. Contest_gallery 6.5
2022-12-26 CVE-2022-4151 The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the option_id GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. Contest_gallery 6.5
2022-12-26 CVE-2022-4152 The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pro WordPress plugin before 19.1.5 do not escape the option_id POST parameter before concatenating it to an SQL query in edit-options.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. Contest_gallery 6.5