Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Remote, low-complexity SQLi needing a Contributor account (PR:L, no UI); scope change to the WP database (S:C) yields high confidentiality, with limited integrity plausible for SQLi.
Primary rating from Vendor (patchstack).
CVSS VectorVendor: patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
AnalysisAI
SQL injection in the Contest Gallery WordPress plugin (versions <= 30.0.0) allows an authenticated user with Contributor-level access to inject arbitrary SQL through unsanitized input, exposing the contents of the WordPress database. The flaw was disclosed via Patchstack and carries a CVSS 8.5; no public exploit code has been identified at time of analysis and it is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated WordPress account at Contributor level or higher (CVSS PR:L) on a site with the Contest Gallery plugin installed and active at version 30.0.0 or earlier; no user interaction is needed (UI:N) and the attack is performed remotely over the network (AV:N) with low complexity (AC:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L, score 8.5) describes network-reachable, low-complexity exploitation that requires low privileges (PR:L) and no user interaction, with high confidentiality impact, no integrity impact, and low availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers or obtains a Contributor account on a WordPress site running Contest Gallery <= 30.0.0, then submits a crafted request to a plugin endpoint with a malicious SQL payload in a parameter that is concatenated into a database query. Because the query runs against the full WordPress database, the attacker extracts sensitive data such as user records and password hashes (scope change, C:H). … |
| Remediation | No vendor-released patch version is identified in the available data; consult the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-30-0-0-sql-injection-vulnerability?_s_id=cve) for the fixed release and upgrade to a version newer than 30.0.0 as soon as it is confirmed available. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all WordPress installations using Contest Gallery plugin and document current versions; audit active Contributor-level user accounts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39667
GHSA-25p9-h7xj-6xhv