Headline
CVE-2022-36394: WordPress Contest Gallery plugin <= 17.0.4 - Authenticated SQL Injection (SQLi) vulnerability - Patchstack
Authenticated (author+) SQL Injection (SQLi) vulnerability in the Contest Gallery plugin <= 17.0.4 for WordPress.
Verified
Fixed
CVSS 3.1 score: 7.6 (High severity)
PSID: d4a1e0d8c02c
Classification: SQL Injection
OWASP Top 10: A1: Injection
Required privilege: Requires author or higher role user authentication.
Publicly disclosed: 2022-08-09
Details
An authenticated SQL Injection (SQLi) vulnerability was discovered by Nguy Minh Tuan (Patchstack Alliance) in the WordPress Contest Gallery plugin (versions <= 17.0.4).
Solution
Update the WordPress Contest Gallery plugin to the latest available version (at least 17.0.5).