Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress 21.2.8.4

  • Severity: medium-risk
  • Status: Fixed
  • Publication: January 9, 2024

The Photos and Files Contest Gallery plugin for WordPress is vulnerable to a security issue called Cross-Site Request Forgery. This means that anyone without proper permission can perform unauthorized actions on the plugin, including uploading files and sharing them on social media. This is because there is a problem with how the plugin checks for a special code called a nonce. Attackers can take advantage of this issue by tricking a site administrator into clicking on a link and granting them access to perform these actions.

Detected in:

Contest Gallery – Upload, Vote & Sell with PayPal and Stripe fixed vulnerable versions:
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress fixed vulnerable versions:
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress fixed vulnerable versions:
Photos, Files, YouTube, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons fixed vulnerable versions:
Photos, Files, YouTube, Twitter, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons fixed vulnerable versions:
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons fixed vulnerable versions:
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI fixed vulnerable versions:
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.