cleantalk
Vulnerabilities and Security Researches

Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress, CVE-2025-10383

CVE, Research URL

CVE-2025-10383

Home page URL

Security reports for Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress

Application

Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress

Published on
Oct 04, 2025
Research Description
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple form field parameters in all versions up to, and including, 27.0.2. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with author-level access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 27.0.3.
Status
vulnerable
Previous vulnerability researches
Estatik Mortgage Calculator (CVE-2025-48136) , May 18, 2025
Estatik Mortgage Calculator (CVE-2025-26907) , Feb 27, 2025
Estatik Mortgage Calculator (CVE-2023-28490) , Jun 10, 2024
Estatik Mortgage Calculator (CVE-2023-40601) , Jun 10, 2024
Estatik Mortgage Calculator (CVE-2024-9354) , Jan 08, 2025
New vulnerability
Jock On Air Now (CVE-2025-58986) , Nov 10, 2025
Booking Manager (CVE-2025-10124) , Nov 10, 2025
Fade Slider (CVE-2025-49956) , Nov 10, 2025
LearnPress Export Import – WordPress extension for LearnPress (CVE-2025-49992) , Nov 10, 2025
LearnPress Export Import – WordPress extension for LearnPress (CVE-2025-60200) , Nov 10, 2025