Description
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation.

This issue affects Contest Gallery Pro: from n/a through 29.0.1.
Published: 2026-06-01
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an incorrect privilege assignment flaw that enables an attacker to elevate their privileges within the WordPress Contest Gallery Pro plugin. By exploiting this weakness, a user with lower-level access can gain administrative capabilities over the plugin’s data and functionality, potentially compromising site settings and content.

Affected Systems

The affected product is the Contest Gallery Pro plugin for WordPress, version 29.0.1 and all earlier releases. The vulnerability is present from the earliest vendor release through 29.0.1, impacting any site that has not upgraded past that point.

Risk and Exploitability

The CVSS score is 9.8, indicating critical severity. The EPSS score is not available, so the current exploitation probability cannot be quantified, and the vulnerability is not listed in CISA's KEV catalog. Based on the description, the likely attack vector requires an authenticated user with any level of access to the WordPress backend, who can then trigger high‑privilege actions through the plugin. Successful exploitation results in complete control of the plugin, allowing the attacker to modify or delete content, change user roles, or otherwise undermine site integrity.

Generated by OpenCVE AI on June 1, 2026 at 16:21 UTC.

Remediation

Vendor Solution

Update the WordPress Contest Gallery Pro Plugin to the latest available version (at least 29.0.2).

OpenCVE Recommended Actions

  • Update the WordPress Contest Gallery Pro Plugin to version 29.0.2 or later.
  • Remove or disable any instances of the plugin that remain at version 29.0.1 or earlier until the patch is applied.
  • Revoke or restrict administrative privileges on the WordPress site to trusted personnel only, ensuring that only necessary users can interact with the Contest Gallery Pro plugin.

Generated by OpenCVE AI on June 1, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1.
Title WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
Weaknesses CWE-266
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-01T16:17:52.856Z

Reserved: 2026-04-29T09:04:56.882Z

Link: CVE-2026-42680

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-06-01T15:16:35.733

Modified: 2026-06-01T16:41:55.090

Link: CVE-2026-42680

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T16:30:06Z

Weaknesses