Description
WordPress Plugin Contest Gallery-Photo Contest for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently list all users of the blog, disclosing their usernames and email addresses. WordPress Plugin Contest Gallery-Photo Contest for WordPress version 13.1.0.6 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 13.1.0.7 or the latest version.
References
https://sploitus.com/exploit?id=WPEX-ID:71EB90F2-BAD2-4DE7-9335-02697AEE9FFE
https://plugins.svn.wordpress.org/contest-gallery/trunk/readme.txt