WordPress Plugin Vulnerabilities

Contest Gallery <= 10.4.4 - Cross-Site Request Forgery (CSRF)

Description

The Contest Gallery – Photo Contest Plugin for WordPress WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
contest-gallery
Fixed in 10.4.5

References

CVE
CVE-2019-5974
URL
https://jvn.jp/en/jp/JVN80925867/index.html

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Okazawa Yoshihiro of Cryptography Laboratory
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
6f8eca93-8e7d-4cb1-ad1b-7bedf063f21f

Timeline

Publicly Published
2019-06-12 (about 6 years ago)
Added
2019-07-09 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-03-11
Title
Featured Posts Grid <= 1.7 - Cross-Site Request Forgery to Cross-Site Scripting
Published
2025-04-24
Title
Custom Functions Plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2022-05-23
Title
Auto Delete Posts <= 1.3.0 - Arbitrary Settings Update via CSRF
Published
2014-05-07
Title
Photo-Gallery <= 1.2.41 - UploadHandler.php File Upload CSRF
Published
2021-09-20
Title
One User Avatar < 2.3.7 - Avatar Update via CSRF