
CVE-2025-62950 PoC — WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Associated Vulnerability
Title: WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability (CVE-2025-62950)
Description: Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery. This issue affects Contest Gallery: from n/a through <= 28.0.0.
Description
CVE-2025-10720 PoC 
Readme
## Description 
This proof of concept (PoC) describes a Cross-Site Request Forgery (CSRF) vulnerability found in the **Contest Gallery – Upload, Vote & Sell with PayPal and Stripe v. 26.1.2** plugin. The issue allows an attacker to trick an authenticated user into executing a crafted request that unintentionally deletes a gallery item without their consent, leading to unauthorized content loss and affecting data integrity.
## Details
- **Vulnerability Type**: Cross-Site Request Forgery (CSRF)
- **Affected Plugin**: [Contest Gallery – Upload, Vote & Sell with PayPal and Stripe v. 26.1.2](https://wordpress.org/plugins/contest-gallery/)
## Impact
An attacker could trigger unintended operations, specifically the deletion of gallery items, without the user’s awareness or explicit permission. Successful exploitation may lead to unauthorized content removal and poses a risk to data integrity within the system.
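
For comparison, the following added example (not code from the Contest Gallery plugin or from this PoC) shows how a WordPress delete handler is normally protected against this class of bug: a nonce bound to the action and item, plus a separate capability check. The action name `cgdemo_delete_item`, the table `cgdemo_items`, the admin page slug `cgdemo` and the parameter names are hypothetical.

```php
<?php
/**
 * Plugin Name: CSRF-safe delete handler (added illustration)
 *
 * Hypothetical names throughout: the action "cgdemo_delete_item", the table
 * "cgdemo_items" and the parameter "item_id" are assumptions for this
 * example, not identifiers taken from the Contest Gallery plugin.
 */

// State-changing handler, reachable only for logged-in users via admin-post.php.
add_action( 'admin_post_cgdemo_delete_item', 'cgdemo_handle_delete' );

function cgdemo_handle_delete() {
    // Accept POST only, so a plain link or image tag cannot trigger the delete.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed', '', array( 'response' => 405 ) );
    }

    $item_id = isset( $_POST['item_id'] ) ? absint( $_POST['item_id'] ) : 0;

    // CSRF check: the nonce is bound to the user, the session and this exact
    // item, so a request forged from another site cannot supply a valid value.
    // check_admin_referer() stops the request when the nonce is missing or wrong.
    check_admin_referer( 'cgdemo_delete_item_' . $item_id, 'cgdemo_nonce' );

    // Authorization is separate from CSRF protection: a nonce is not a permission.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    global $wpdb;
    $wpdb->delete( $wpdb->prefix . 'cgdemo_items', array( 'id' => $item_id ), array( '%d' ) );

    wp_safe_redirect( admin_url( 'admin.php?page=cgdemo&deleted=1' ) );
    exit;
}

// Renders the delete button; the nonce field is what the handler verifies.
function cgdemo_render_delete_form( $item_id ) {
    $item_id = absint( $item_id );
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="cgdemo_delete_item">';
    echo '<input type="hidden" name="item_id" value="' . esc_attr( $item_id ) . '">';
    wp_nonce_field( 'cgdemo_delete_item_' . $item_id, 'cgdemo_nonce' );
    echo '<button type="submit">Delete item</button>';
    echo '</form>';
}
```

When reviewing a plugin for this issue, the check to look for is a nonce verification call (`check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()`) on every code path that deletes or modifies data.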
## References
- [WPScan](https://wpscan.com/vulnerability/09aad613-162c-41f3-bf91-80fe733771f9/)
