CVE-2026-42657— WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wasiliy Strecker | Contest Gallery | n/a≤ 28.1.7 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42657
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1284
Source: NVD (National Vulnerability Database)
Vulnerability Title
Wasiliy Strecker Contest Gallery 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Contest Gallery是Wasiliy Strecker个人开发者的一个竞赛管理插件。 Wasiliy Strecker Contest Gallery 28.1.7及之前版本存在输入验证错误漏洞,该漏洞源于未验证其他漏洞类型问题,可能导致未经身份验证的攻击者造成影响。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Wasiliy Strecker | Contest Gallery | n/a ~ 28.1.7 | - |
II. Public POCs for CVE-2026-42657
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42657
请登录查看更多情报信息。
Same Patch Batch · Wasiliy Strecker · 2026-06-15 · 4 CVEs total
| CVE-2026-40771 | 9.3 CRITICAL | WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability |
| CVE-2026-42656 | 6.5 MEDIUM | WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2026-42660 | 6.5 MEDIUM | WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability |
IV. Related Vulnerabilities
Same product: Contest Gallery
- CVE-2026-42660
WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data - CVE-2026-42656
WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scri - CVE-2026-40771
WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection v - CVE-2026-25035
WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeo - CVE-2026-24964
WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side R
Same weakness: CWE-1284
- CVE-2026-55392
NILFS utilities - Undefined Behavior and Out-of-Memory via U - CVE-2026-55706
OpenBSD 输入验证错误漏洞 - CVE-2026-49110
WordPress Upsell Order Bump Offer for WooCommerce plugin <= - CVE-2026-49078
WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerab - CVE-2026-45441
WordPress WpEvently plugin <= 5.3.3 - Other Vulnerability Ty
V. Comments for CVE-2026-42657
No comments yet