N/A
2026-04-29< 29.0.0
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.7 - Missing Authorization
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe
Minimum safe version
29.0.0
Update to 29.0.0 or later to address 58 fixable vulnerabilities
Latest available30.0.0 ✓
N/A
2026-04-29< 29.0.0
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.7 - Authenticated (Subscriber+) Sensitive Information Exposure
N/A
2026-04-29< 29.0.0
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting
N/A
2026-04-21< 28.1.7
Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.6 - Unauthenticated SQL Injection
N/A
2026-03-02< 28.1.5
Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection
N/A
2026-03-23< 28.1.6
Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion
Critical 9.8
2026-03-25< 28.1.3
CVE-2026-25035
Medium 6.4
2026-03-25< 28.1.2.2
CVE-2026-24964
Medium 4.3
2026-02-03< 28.1.2
CVE-2026-24965
Medium 5.3
2025-11-15< 28.0.3
CVE-2025-12849
Medium 4.3
2025-11-06< 28.0.1
CVE-2025-62950
Medium 4.3
2025-10-11< 28.0.0
CVE-2025-11254
Medium 6.4
2025-10-04< 27.0.3
CVE-2025-10383
High 7.2
2025-08-01< 26.1.1
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting
High 7.1
2025-07-16< 26.0.7
CVE-2025-48291
Medium 6.4
2025-07-11< 26.0.9
Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting
Medium 6.4
2025-05-08< 26.0.7
Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
High 7.2
2025-02-28< 26.0.1
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting
High 7.6
2025-02-03< 25.1.2
CVE-2025-22693
Medium 5.9
2025-12-30< 24.0.4
WordPress Contest Gallery Plugin <= 24.0.3 is vulnerable to Cross Site Scripting (XSS)
Critical 9.8
2024-11-28< 24.0.8
CVE-2024-11103
Critical 9.8
2024-11-05< 24.0.4
CVE-2024-10687
Medium 5.3
2024-08-26< 23.1.3
CVE-2024-43283
High 7.1
2024-08-01< 23.1.3
CVE-2024-39631
High 8.5
2024-06-09< 21.3.5
CVE-2024-32778
High 7.1
2024-03-29< 21.3.6
CVE-2024-30428
High 8.5
2024-03-28< 21.3.5
CVE-2024-30236
High 8.5
2024-03-27< 21.3.2.1
CVE-2024-30238
Medium 5.4
2024-03-11< 21.3.1
CVE-2024-1487
Medium 5.4
2024-02-12< 21.2.9
CVE-2024-24887
N/A
2024-01-09< 21.2.9
Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery
Medium 6.1
2023-10-31< 21.2.8.1
CVE-2023-5307
High 7.1
2023-06-22< 21.1.2.1
CVE-2023-28784
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4150
N/A
2021-11-01< 13.1.0.7
Contest Gallery < 13.1.0.7 - Authenticated Email Address Disclosure
N/A
2022-06-01< 17.0.5
Contest Gallery – Files Upload and Contest Plugin for WordPress <= 17.0.4 - Admin+ SQL Injection
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4163
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4151
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4166
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4153
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4159
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4162
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4165
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4152
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4161
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4160
Medium 6.5
2022-12-26< 19.1.5.1
CVE-2022-4164
Medium 4.9
2022-12-26< 19.1.5.1
CVE-2022-4155
Medium 4.9
2022-12-26< 19.1.5.1
CVE-2022-4157
High 7.5
2022-12-26< 19.1.5.1
CVE-2022-4156
High 7.5
2022-12-26< 19.1.5.1
CVE-2022-4158
Medium 6.1
2022-12-06< 19.1.5
CVE-2022-45848
N/A
< 13.1.0.7
Contest Gallery < 13.1.0.7 - Subscriber+ Email Address Disclosure
High 7.6
2022-08-23< 17.0.5
CVE-2022-36394
N/A
2021-11-01< 13.1.0.7
WordPress Contest Gallery plugin <= 13.1.0.6 - Email Address Disclosure vulnerability
Medium 4.8
2022-04-18< 14.0.0
CVE-2022-27853
High 8.8
2019-07-10< 10.4.5
WordPress Contest Gallery plugin <= 10.4.4 - Cross-Site Request Forgery (CSRF) vulnerability
Critical 9.8
2022-04-13< 13.1.0.6
Contest Gallery – Photo Contest Plugin for WordPress <= 13.1.0.5 - SQL Injection