cleantalk
Vulnerabilities and Security Researches

Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress, CVE-2025-48291

CVE, Research URL

CVE-2025-48291

Home page URL

Security reports for Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress

Application

Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress

Published on
Jul 16, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery allows Stored XSS. This issue affects Contest Gallery: from n/a through 26.0.6.
Affected versions
Min -, max 26.0.7.
Status
vulnerable
Previous vulnerability researches
BuddyForms Form Elements for WooCommerce (39d1f22f-ea34-4d94-9dc2-12661cf69d36) , Jun 07, 2024
New vulnerability
Knowledge Base (CVE-2025-7431) , Jul 18, 2025
Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin (CVE-2025-48150) , Jul 18, 2025
Infility Global (CVE-2025-47652) , Jul 18, 2025
WP-BusinessDirectory – Business directory plugin for WordPress (CVE-2025-24759) , Jul 18, 2025
Vertical scroll image slideshow gallery (CVE-2025-5752) , Jul 18, 2025