Description
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-17-0-4-authenticated-sql-injection-sqli-vulnerability
Release Notes, Third Party Advisory x_refsource_confirm
https://wordpress.org/plugins/contest-gallery/#developers
Scores
CVSS v3
7.6
EPSS
0.0074
EPSS Percentile
50.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (2)
Contest Gallery/Contest Gallery (WordPress plugin)
<= 17.0.4 - 17.0.4
contest-gallery/contest_gallery
< 17.0.4
Published
Aug 23, 2022
Tracked Since
Feb 18, 2026