Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress

Software Type	Plugin
Software Slug	contest-gallery (view on wordpress.org)
Software Status	Active
Software Author	contest-gallery
Software Downloads	323,246
Software Active Installs	1,000
Software Record Last Updated	May 17, 2024

Showing 1-20 of 32 Vulnerabilities

Contest Gallery <= 21.3.4 - Authenticated (Author+) Arbitrary File Deletion

4.3

CVE-2024-32778

Apr 22, 2024

Researcher: CatFather

Contest Gallery <= 21.3.5 - Reflected Cross-Site Scripting

6.1

CVE-2024-30428

Mar 28, 2024

Researcher: Dimas Maulana

Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30238

Mar 26, 2024

Researcher: LVT-tholv2k

Photos and Files Contest Gallery <= 21.3.4 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30236

Mar 26, 2024

Researcher: Emili Castells

Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress <= 21.3.0 - Authenticated (Author+) Stored Cross-Site Scripting

6.4

CVE-2024-1487

Feb 14, 2024

Researcher: Giulio

Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery

4.3

CVE-2024-24887

Feb 5, 2024

Researcher: Dhabaleshwar Das

Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery

4.7

CVE ID Unknown

Jan 9, 2024

Researchers:

Contest Gallery < 21.2.8.1 - Unauthenticated Stored Cross-Site Scripting via headers

6.1

CVE-2023-5307

Oct 10, 2023

Researcher: Dmitrii Ignatyev

Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting

6.1

CVE-2023-28784

Mar 27, 2023

Researcher: thiennv

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id

7.5

CVE-2022-4160

Dec 5, 2022

Researchers: Kunal Sharma, Daniel Krohmer

Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id

8.8

CVE-2022-4150

Dec 5, 2022

Researchers: Kunal Sharma, Daniel Krohmer

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS

7.5

CVE-2022-4166

Dec 5, 2022

Researchers: Kunal Sharma, Daniel Krohmer

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row

7.5

CVE-2022-4162

Dec 5, 2022

Researchers: Kunal Sharma, Daniel Krohmer

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order

7.5

CVE-2022-4165

Dec 5, 2022

Researchers: Daniel Krohmer, Kunal Sharma

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET

7.5

CVE-2022-4152

Dec 5, 2022

Researchers: Kunal Sharma, Daniel Krohmer

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start

7.5

CVE-2022-4161

Dec 5, 2022

Researchers: Kunal Sharma, Daniel Krohmer

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post

7.5

CVE-2022-4164

Dec 5, 2022

Researchers: Kunal Sharma, Daniel Krohmer

Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[]

7.5

CVE-2022-4153

Dec 5, 2022

Researchers: Kunal Sharma, Daniel Krohmer

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id

7.5

CVE-2022-4155

Dec 5, 2022

Researchers: Kunal Sharma, Daniel Krohmer

Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id

7.5

CVE-2022-4157

Dec 5, 2022

Researchers: Kunal Sharma, Daniel Krohmer

Title	Status	CVE ID	CVSS	Researchers	Date
Contest Gallery <= 21.3.4 - Authenticated (Author+) Arbitrary File Deletion	Patched	CVE-2024-32778	4.3	CatFather	April 22, 2024
Contest Gallery <= 21.3.5 - Reflected Cross-Site Scripting	Patched	CVE-2024-30428	6.1	Dimas Maulana	March 28, 2024
Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection	Patched	CVE-2024-30238	9.9	LVT-tholv2k	March 26, 2024
Photos and Files Contest Gallery <= 21.3.4 - Authenticated (Contributor+) SQL Injection	Patched	CVE-2024-30236	9.9	Emili Castells	March 26, 2024
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress <= 21.3.0 - Authenticated (Author+) Stored Cross-Site Scripting	Patched	CVE-2024-1487	6.4	Giulio	February 14, 2024
Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery	Patched	CVE-2024-24887	4.3	Dhabaleshwar Das	February 5, 2024
Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery	Patched		4.7		January 9, 2024
Contest Gallery < 21.2.8.1 - Unauthenticated Stored Cross-Site Scripting via headers	Patched	CVE-2023-5307	6.1	Dmitrii Ignatyev	October 10, 2023
Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting	Patched	CVE-2023-28784	6.1	thiennv	March 27, 2023
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id	Patched	CVE-2022-4160	7.5	Kunal Sharma, Daniel Krohmer	December 5, 2022
Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id	Patched	CVE-2022-4150	8.8	Kunal Sharma, Daniel Krohmer	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS	Patched	CVE-2022-4166	7.5	Kunal Sharma, Daniel Krohmer	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row	Patched	CVE-2022-4162	7.5	Kunal Sharma, Daniel Krohmer	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order	Patched	CVE-2022-4165	7.5	Daniel Krohmer, Kunal Sharma	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET	Patched	CVE-2022-4152	7.5	Kunal Sharma, Daniel Krohmer	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start	Patched	CVE-2022-4161	7.5	Kunal Sharma, Daniel Krohmer	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post	Patched	CVE-2022-4164	7.5	Kunal Sharma, Daniel Krohmer	December 5, 2022
Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[]	Patched	CVE-2022-4153	7.5	Kunal Sharma, Daniel Krohmer	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id	Patched	CVE-2022-4155	7.5	Kunal Sharma, Daniel Krohmer	December 5, 2022
Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id	Patched	CVE-2022-4157	7.5	Kunal Sharma, Daniel Krohmer	December 5, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress

Information

Showing 1-20 of 32 Vulnerabilities