Skip to main content

Contest Gallery Upload Vote Photos Media Sell With Paypal Stripe

1 CVEs product

Monthly

CVE-2026-12165 HIGH This Week

Privilege escalation in the Contest Gallery WordPress plugin (versions ≤ 30.0.2) allows authenticated Contributor/Author-level users to overwrite the stored RegistryUserRole option to 'administrator', causing newly registered Google sign-in accounts to be promoted to Administrator. The flaw was disclosed by Wordfence and stems from a missing capability check in the option-saving handler; no public exploit identified at time of analysis.

Privilege Escalation PHP Google WordPress Contest Gallery Upload Vote Photos Media Sell With Paypal Stripe
NVD
CVSS 3.1
8.8
EPSS
0.6%
EPSS 1% CVSS 8.8
HIGH This Week

Privilege escalation in the Contest Gallery WordPress plugin (versions ≤ 30.0.2) allows authenticated Contributor/Author-level users to overwrite the stored RegistryUserRole option to 'administrator', causing newly registered Google sign-in accounts to be promoted to Administrator. The flaw was disclosed by Wordfence and stems from a missing capability check in the option-saving handler; no public exploit identified at time of analysis.

Privilege Escalation PHP Google +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy