Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure
CVE-2021-24915

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Contest Gallery – Photo Contest Plugin For WordPress
Vendor: CVE Published:; 29 November 2021

Summary

The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address

Affected Version(s)

Contest Gallery – Photo Contest Plugin for WordPress 13.1.0.6

References

https://wpscan.com/vulnerability/45ee86a7-1497-4c81-98b8-...

x_refsource_MISC

https://gist.github.com/tpmiller87/6c05596fe27dd6f69f1aab...

x_refsource_MISC

EPSS Score

37% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

Tyler Miller