Cross-site Scripting Vulnerability in Contest Gallery by Contest Gallery Plugin
CVE-2024-56237

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Contest Gallery
Vendor: CVE Published:; 2 January 2025

Summary

A vulnerability exists within the Contest Gallery Plugin that allows for improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting (XSS) issue. This security flaw can potentially allow attackers to inject malicious scripts into web pages viewed by users, compromising user data and session integrity. The vulnerability affects various versions of the plugin, specifically from n/a to 24.0.3, underscoring the importance of timely updates and patches to safeguard web applications from exploitation.

Affected Version(s)

Contest Gallery <= 24.0.3

References

https://patchstack.com/database/wordpress/plugin/contest-...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

thiennv (Patchstack Alliance)