CPE-0BB3C843-4A3B-4029-87FA-172E4F8569F6 Detail

CPE Details

Contest-Gallery Contest Gallery 21.3.4 for WordPress

Vendor

contest-gallery

Product

contest_gallery

Version

21.3.4

Created

2024-11-07
11h55 +00:00

Modified

2024-11-07
11h55 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:contest-gallery:contest_gallery:21.3.4:::::wordpress::

Informations

Vendor

contest-gallery

Product

contest_gallery

Version

21.3.4

Target Software

wordpress

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2025-1513	2025-02-28 05h23 +00:00	The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Name and Comment field when commenting on photo gallery entries in all versions up to, and including, 26.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	7.2	High
CVE-2024-56237	2025-01-02 12h01 +00:00	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 24.0.3.	5.9	Medium
CVE-2024-10687	2024-11-05 09h30 +00:00	The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.	9.8	Critical
CVE-2024-39631	2024-08-01 22h27 +00:00	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 23.1.2.	7.1	High
CVE-2024-32778	2024-06-09 13h08 +00:00	Missing Authorization vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4.	8.5	High
CVE-2024-30428	2024-03-29 13h24 +00:00	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery allows Reflected XSS.This issue affects Contest Gallery: from n/a through 21.3.5.	7.1	High

Contest-Gallery Contest Gallery 21.3.4 for WordPress

CPE Details

CPE Name: cpe:2.3:a:contest-gallery:contest_gallery:21.3.4:*:*:*:*:wordpress:*:*

Informations

Vendor

Product

Version

Target Software

Related CVE

CPE Name: cpe:2.3:a:contest-gallery:contest_gallery:21.3.4:::::wordpress::