Vendor
Contest Gallery
Products
2
CVEs
11
Across products
11
Status
Private
Products
2- 9 CVEs
- 2 CVEs
Recent CVEs
11| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-30236 | Hig | 0.55 | 8.5 | 0.01 | Mar 28, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4. | |
| CVE-2024-30238 | Hig | 0.55 | 8.5 | 0.01 | Mar 27, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2. | |
| CVE-2024-32778 | Hig | 0.50 | 7.7 | 0.00 | Jun 9, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4. | |
| CVE-2025-22693 | Hig | 0.49 | 7.6 | 0.00 | Feb 3, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows SQL Injection.This issue affects Contest Gallery: from n/a through <= 25.1.0. | |
| CVE-2024-39631 | Hig | 0.46 | 7.1 | 0.00 | Aug 1, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 23.1.2. | |
| CVE-2024-30428 | Hig | 0.46 | 7.1 | 0.00 | Mar 29, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Reflected XSS.This issue affects Contest Gallery: from n/a through <= 24.0.3. | |
| CVE-2024-56237 | Med | 0.38 | 5.9 | 0.00 | Jan 2, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through <= 24.0.3. | |
| CVE-2024-43283 | Med | 0.36 | 5.3 | 0.16 | Aug 26, 2024 | Insertion of Sensitive Information Into Sent Data vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 23.1.2. | |
| CVE-2024-24887 | Med | 0.35 | 5.4 | 0.00 | Feb 12, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4. | |
| CVE-2022-36394 | 0.00 | — | 0.01 | Aug 23, 2022 | Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. | ||
| CVE-2022-27853 | 0.00 | — | 0.00 | Apr 18, 2022 | Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9 |