CVE-2022-27853: WordPress Contest Gallery plugin <= 13.1.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9
contest-gallery
Software: Contest Gallery
Vulnerable Versions: <= 13.1.0.9
Fixed in version: 14.0.0
CVE: CVE-2022-27853
References
Credits
Classification: Cross Site Scripting (XSS)
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Disclosure Date: 2021-12-20
CVSS 3.0 score
Requires author or higher role user authentication.
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien in WordPress Contest Gallery plugin (versions <= 13.1.0.9).
Solution
Update the WordPress Contest Gallery plugin to the latest available version (at least 14.0.0).