Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Network-accessible WordPress endpoint requires only a subscriber account (PR:L); pure read-only data leak yields C:H with no integrity or availability impact.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions.
AnalysisAI
Sensitive data exposure in the Contest Gallery WordPress plugin (versions <= 28.1.7) allows authenticated subscribers to access confidential information they are not authorized to view. The vulnerability stems from insufficient access control over data retrieval endpoints within the plugin, permitting low-privileged WordPress users to read sensitive data with high confidentiality impact. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the low complexity and remote exploitability make it a credible risk for WordPress sites with open subscriber registration.
Technical ContextAI
Contest Gallery is a WordPress photo contest and gallery management plugin developed by Wasiliy Strecker, identified in CPE as cpe:2.3:a:wasiliy_strecker:contest_gallery:*:*:*:*:*:*:*:*. The root cause is classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), meaning the plugin exposes data - likely contest entries, participant details, or internal plugin data - to user roles (subscribers) that should not have read access to it. WordPress subscriber accounts are the lowest authenticated user tier and are obtainable via open registration on most WordPress sites. The flaw likely exists in an AJAX handler, REST API endpoint, or admin-accessible function that fails to verify the requesting user's capability level before returning sensitive data.
RemediationAI
Update the Contest Gallery plugin to a version beyond 28.1.7 immediately; the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-28-1-7-sensitive-data-exposure-vulnerability) should be consulted for the confirmed fixed release version, as no specific patch version number was available in the input data. If an immediate update is not possible, disable open subscriber registration on the WordPress site (Settings > General > uncheck 'Anyone can register') to prevent unauthenticated users from obtaining the subscriber role needed to exploit this flaw - note this may impact legitimate site functionality if subscriber registration is part of the contest workflow. Additionally, review WordPress user accounts for unexpected subscriber-level registrations that may indicate prior reconnaissance or exploitation attempts. Monitor plugin update availability via the WordPress plugin repository or Patchstack alerts.
More in Contest Gallery
View allThe Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36825
GHSA-vcff-hh69-qfjw