Impact
The vulnerability allows an authenticated user with author-level access to overwrite a plugin configuration option, promoting a newly registered Google user account to an administrator. This flaw stems from improper privilege assignment: the plugin registers an admin menu at a lesser capability level, accepts a nonce without checking user capabilities, and accepts the role value without an allowlist. The consequence is that an attacker can gain full site administration rights, enabling arbitrary changes, data exfiltration, or further compromise.
Affected Systems
The affected product is the Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress. Versions up to and including 30.0.2 are vulnerable. WordPress sites running any of these plugin releases are at risk.
Risk and Exploitability
The CVSS score of 8.8 classifies the issue as High severity, yet the EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The flaw is not currently listed in CISA’s KEV catalog, but it can be exploited by any authenticated user who can access the plugin’s admin pages. An attacker can submit crafted requests to the option-saving handler, change RegistryUserRole to "administrator", and have that value applied through a user creation routine, thereby achieving full site control.
OpenCVE Enrichment