Impact
The Contest Gallery WordPress plugin up to version 28.1.7 contains an unauthenticated vulnerability of an unspecified type. The CVE description does not detail the precise impact, so it is unclear what functional or security consequences an attacker could achieve. The only information available indicates that the flaw can be triggered without user credentials, suggesting the possibility of unauthorized interaction with the plugin endpoints, but the exact consequences are not defined.
Affected Systems
The vulnerability affects the WordPress Contest Gallery plugin released by Wasiliy Strecker. Versions up to and including 28.1.7 are impacted. The plugin is deployed within WordPress sites, and the issue exists on any host that has the vulnerable plugin installed regardless of the underlying platform.
Risk and Exploitability
The CVSS score of 6.5 indicates a moderate severity vulnerability that could allow unauthenticated interaction. However, the EPSS score of less than 1% shows a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The nature of the flaw implies it can be triggered via unauthenticated web requests to the plugin, but no confirmed exploitation instances are reported.
OpenCVE Enrichment