Browse all 5 CVE security advisories affecting Contest Gallery. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Contest Gallery is a WordPress plugin designed for creating and managing photo contests and galleries. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These flaws often stem from insufficient input validation and improper access controls. The plugin has accumulated five CVEs to date, with some versions allowing unauthenticated attackers to execute arbitrary code or compromise user accounts. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests that organizations using Contest Gallery should maintain strict version control and apply security patches promptly to mitigate potential risks.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-24887 | WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) | Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress | CWE-352 | 5.4 | Medium | 2024-02-12 |
| CVE-2023-28784 | WordPress Contest Gallery Plugin <= 21.1.2 is vulnerable to Cross Site Scripting (XSS) | Contest Gallery | CWE-79 | 7.1 | High | 2023-06-22 |
| CVE-2022-45848 | WordPress Contest Gallery Plugin <= 13.1.0.9 is vulnerable to Cross Site Scripting (XSS) | Contest Gallery | CWE-79 | 6.1 | Medium | 2022-12-06 |
| CVE-2022-36394 | WordPress Contest Gallery plugin <= 17.0.4 - Authenticated SQL Injection (SQLi) vulnerability | Contest Gallery (WordPress plugin) | CWE-89 | 7.6 | High | 2022-08-23 |
| CVE-2022-27853 | WordPress Contest Gallery plugin <= 13.1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | Contest Gallery (WordPress plugin) | CWE-79 | 4.8 | Medium | 2022-04-18 |
This page lists every published CVE security advisory associated with Contest Gallery. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.