目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

Wasiliy Strecker / ContestGallery developer 厂商漏洞列表 / CVE 中文分析 13

Wasiliy Strecker / ContestGallery developer 厂商相关 13 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

该开发者主要维护ContestGallery项目,一个用于在线竞赛和画廊管理的WordPress插件。历史上,其产品曾存在多个安全漏洞,主要包括跨站脚本(XSS)、远程代码执行(RCE)和权限绕过等类型。这些漏洞主要源于输入验证不足和权限控制缺陷。截至最新统计,该项目已记录13条CVE编号,反映了持续的安全挑战。开发者虽发布修复补丁,但部分漏洞仍影响旧版本,建议用户及时更新并实施最小权限原则。

上位製品 Wasiliy Strecker / ContestGallery developer: Contest Gallery
CVE IDタイトルCVSS深刻度公開日
CVE-2026-25035 WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability — Contest GalleryCWE-288 9.8 Critical2026-03-25
CVE-2026-24964 WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerability — Contest GalleryCWE-918 6.4 Medium2026-03-25
CVE-2026-24965 WordPress Contest Gallery plugin <= 28.1.1 - Broken Access Control vulnerability — Contest GalleryCWE-862 4.3 Medium2026-02-03
CVE-2025-62950 WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability — Contest GalleryCWE-352 4.3 Medium2025-11-06
CVE-2025-48291 WordPress Contest Gallery <= 26.0.6 - Cross Site Scripting (XSS) Vulnerability — Contest GalleryCWE-79 7.1 High2025-07-16
CVE-2025-22693 WordPress Contest Gallery plugin <= 25.1.0 - SQL Injection vulnerability — Contest GalleryCWE-89 7.6 High2025-02-03
CVE-2024-56237 WordPress Contest Gallery plugin <= 24.0.3 - Cross Site Scripting (XSS) vulnerability — Contest GalleryCWE-79 5.9 Medium2025-01-02
CVE-2024-43283 WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability — Contest GalleryCWE-201 5.3 Medium2024-08-26
CVE-2024-39631 WordPress Contest Gallery plugin <= 23.1.2 - Cross Site Scripting (XSS) vulnerability — Contest GalleryCWE-79 7.1 High2024-08-01
CVE-2024-32778 WordPress Contest Gallery plugin <= 21.3.4 - Arbitrary File Deletion vulnerability — Contest GalleryCWE-22 8.5 High2024-06-09
CVE-2024-30428 WordPress Contest Gallery plugin <= 24.0.3 - Reflected Cross Site Scripting (XSS) vulnerability — Contest GalleryCWE-79 7.1 High2024-03-29
CVE-2024-30236 WordPress Contest Gallery plugin <= 21.3.4 - SQL Injection vulnerability — Contest GalleryCWE-89 8.5 High2024-03-28
CVE-2024-30238 WordPress Photos and Files Contest Gallery plugin <= 21.3.2 - SQL Injection vulnerability — Contest GalleryCWE-89 8.5 High2024-03-27

本页汇总了 Wasiliy Strecker / ContestGallery developer 厂商截至目前公开的全部 13 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。