Contest-Gallery Contest Gallery 24.0.6 for WordPress

CPE Details

Contest-Gallery Contest Gallery 24.0.6 for WordPress
contest-gallery
contest_gallery
24.0.6
2025-04-03
10h07 +00:00
2025-04-03
10h07 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:contest-gallery:contest_gallery:24.0.6:*:*:*:*:wordpress:*:*

Informations

Vendor

contest-gallery

Product

contest_gallery

Version

24.0.6

Target Software

wordpress

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-1513 2025-02-28 05h23 +00:00 The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Name and Comment field when commenting on photo gallery entries in all versions up to, and including, 26.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
7.2
Haute
CVE-2024-11103 2024-11-28 09h47 +00:00 The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
9.8
Critique