Cross-Site Request Forgery in Contest Gallery by Wasiliy Strecker
CVE-2025-62950

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Contest Gallery
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-62950?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Contest Gallery plugin developed by Wasiliy Strecker. This vulnerability allows attackers to perform unauthorized actions on behalf of an authenticated user. The issue affects versions of the Contest Gallery plugin up to and including 28.0.0, potentially compromising the integrity of galleries and contests managed through the platform. Users are advised to take immediate steps to secure their installations and prevent exploitation.

Affected Version(s)

Contest Gallery <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/cont...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Oct 24, 2025

Credit

Lorenzo Camilli | Patchstack Bug Bounty Program

JSON