WordPress Plugin Vulnerabilities

Contest Gallery Pro < 19.1.5 - Admin+ SQL Injection

Description

The plugin does not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with at administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.

Proof of Concept

Affects Plugins

Plugin icon
contest-gallery-pro
Fixed in 19.1.5

References

CVE
CVE-2022-4154
URL
https://bulletin.iese.de/post/contest-gallery_19-1-4-1_5

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Kunal Sharma (University of Kaiserslautern), Daniel Krohmer (Fraunhofer IESE)
Submitter
Kunal Sharma
Submitter website
https://iese.fraunhofer.de/en.html
Verified
Yes
WPVDB ID
dac32ed4-d3df-420a-a2eb-9e7d2435826a

Timeline

Publicly Published
2022-12-05 (about 3 years ago)
Added
2022-12-05 (about 3 years ago)
Last Updated
-0001-11-30 (about 2026 years ago)

Other

Published
Title
Published
2023-11-06
Title
GD Security Headers < 1.7.1 - Admin+ SQLi
Published
2015-11-24
Title
WordPress Meta Robots <= 2.1 - Authenticated Blind SQL Injection
Published
2021-05-27
Title
Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection
Published
2025-08-05
Title
CleverReach WP < 1.5.21 - Unauthenticated SQL Injection via title Parameter
Published
2015-11-24
Title
Huge IT Google Map <= 2.2.5 - Authenticated SQL Injection