Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons 26.0.0.1

  • Severity: high-risk
  • Status: Fixed
  • Publication: February 27, 2025

The plugin for WordPress called Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery allows users to upload, vote, and sell their photos through PayPal or Stripe. However, it has a security vulnerability in the Name and Comment fields when commenting on photo gallery entries. This can allow attackers to insert harmful web scripts that will run when a user visits the affected page. This vulnerability affects all versions up to and including 26.0.0.1, so it is important to update to the latest version to protect against this.

Detected in:

Contest Gallery – Upload, Vote & Sell with PayPal and Stripe fixed vulnerable versions:
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons fixed vulnerable versions:
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.