SQL Injection Vulnerability in Contest Gallery Plugin by WordPress
CVE-2025-22693

7.6HIGH

Key Information:

Vendor: WordPress
Status: Contest Gallery
Vendor: CVE Published:; 3 February 2025

Summary

The Contest Gallery Plugin for WordPress contains a SQL Injection vulnerability that allows attackers to manipulate SQL queries. This flaw can lead to unauthorized access to sensitive data and potential manipulation of the database. Users of Contest Gallery versions up to 25.1.0 are particularly at risk. It is crucial for administrators to assess their installations and implement security best practices to safeguard their web applications.

Affected Version(s)

Contest Gallery <= 25.1.0

References

https://patchstack.com/database/wordpress/plugin/contest-...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)