cvedb.io
CVE-2022-4166
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2022-12-26T13:15:13.590 · Last modified 2026-06-17T05:20:09.167

Summary

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the addCountS POST parameter before concatenating it to an SQL query in 4_activate.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.

Affected products

contest-gallery — contest_gallery

Does this affect you?

Add your gear to cvedb and we'll alert you only when contest-gallery ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.