Server-Side Request Forgery Vulnerability in Contest Gallery by Wasiliy Strecker
CVE-2026-24964

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Contest Gallery
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-24964?

The Contest Gallery plugin, developed by Wasiliy Strecker, contains a Server-Side Request Forgery (SSRF) vulnerability that could allow attackers to send malicious requests from the server. This vulnerability affects versions from n/a up to and including 28.1.2.1, potentially compromising the security of the server and its environment. It is crucial for users of the plugin to assess their installations and apply necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Contest Gallery <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/contest-...

vdb-entry

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Jan 28, 2026

Credit

lilmingwa13 | Patchstack Bug Bounty Program

CVE-2026-24964 Data

JSON