Description
WordPress Plugin Contest Gallery-Photo Contest for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently list all users of the blog, disclosing their usernames and email addresses. Version 13.1.0.6 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 13.1.0.7 or the latest available version.
References
https://sploitus.com/exploit?id=WPEX-ID:71EB90F2-BAD2-4DE7-9335-02697AEE9FFE
https://plugins.svn.wordpress.org/contest-gallery/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5)
WordPress Plugin WP-Filebase Download Manager Cross-Site Scripting (3.1.02)
Joomla! Core Multiple Cross-Site Scripting Vulnerabilities (1.5.0 - 3.8.7)
Joomla! Core 1.0.x SQL Injection (1.0.0 - 1.0.11)
WordPress Plugin WooCommerce Stock Manager Security Bypass (1.0.7)