{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25035", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-28T09:52:08.058Z", "datePublished": "2026-03-25T16:14:39.024Z", "dateUpdated": "2026-03-26T17:36:16.990Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "contest-gallery", "product": "Contest Gallery", "vendor": "Wasiliy Strecker / ContestGallery developer", "versions": [{"changes": [{"at": "28.1.3", "status": "unaffected"}], "lessThanOrEqual": "<= 28.1.2.2", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "daroo | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:20.042Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.<p>This issue affects Contest Gallery: from n/a through <= 28.1.2.2.</p>"}], "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through <= 28.1.2.2."}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "Authentication Abuse"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:39.024Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-28-1-2-2-account-takeover-vulnerability?_s_id=cve"}], "title": "WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T17:36:08.891907Z", "id": "CVE-2026-25035", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:36:16.990Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-25035", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T17:36:08.891907Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:34:46.583Z"}}], "cna": {"title": "WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "daroo | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "Authentication Abuse"}]}], "affected": [{"vendor": "Wasiliy Strecker / ContestGallery developer", "product": "Contest Gallery", "versions": [{"status": "affected", "changes": [{"at": "28.1.3", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 28.1.2.2"}], "packageName": "contest-gallery", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-03-25T17:12:20.042Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-28-1-2-2-account-takeover-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through <= 28.1.2.2.", "supportingMedia": [{"type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.<p>This issue affects Contest Gallery: from n/a through <= 28.1.2.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:39.024Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25035", "state": "PUBLISHED", "dateUpdated": "2026-03-26T17:36:16.990Z", "dateReserved": "2026-01-28T09:52:08.058Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-25T16:14:39.024Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through <= 28.1.2.2."}, {"lang": "es", "value": "Omisi\u00f3n de autenticaci\u00f3n Usando una Ruta o Canal Alternativo vulnerabilidad en Wasiliy Strecker / el desarrollador de ContestGallery Contest Gallery contest-gallery permite el Abuso de Autenticaci\u00f3n. Este problema afecta a Contest Gallery: desde n/a hasta &lt;= 28.1.2.2."}], "id": "CVE-2026-25035", "lastModified": "2026-03-26T18:16:27.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T17:16:43.377", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-28-1-2-2-account-takeover-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,28.1.2.2]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "28.1.3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Contest Gallery", "source": "cna", "vendor": "Wasiliy Strecker / ContestGallery developer"}, "product": "contest_gallery", "vendor": "wasiliy_strecker_/_contestgallery_developer"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T18:09:58.920312+00:00", "value": {"mitigation_remediation": ["Apply the latest Contest Gallery plugin patch (any version newer than 28.1.2.2).", "Review and strengthen user account permissions after updating.", "If an immediate update is not possible, disable or remove the Contest Gallery plugin to block exploitation."], "summary": {"action": "Patch Now", "impact": "Account takeover via authentication bypass"}, "threat_synthesis": {"affected_systems": "The affected product is the WordPress Contest Gallery plugin, version 28.1.2.2 and earlier. The plugin is developed by Wasiliy Strecker under the ContestGallery brand and is deployed on WordPress sites that use this plugin. All users of these versions are potentially vulnerable.", "description_and_impact": "The vulnerability in the Contest Gallery plugin allows attackers to bypass authentication by exploiting an alternate path, thereby enabling them to assume control of any user account. This flaw falls under improper authentication (CWE\u2011288) and can lead to full account takeover, granting unauthorized data access, malicious content uploads, or destruction of user data. Because the plugin fails to enforce proper session validation, attackers can impersonate legitimate users without needing credentials.", "risk_and_exploitability": "The CVSS score is not provided, but authentication bypass represents a high risk, allowing attackers to gain complete control over affected accounts. The EPSS score is unavailable, and the issue is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote through the plugin\u2019s web interface, where attackers can send crafted requests to trigger the bypass. The vulnerability does not require privileged local access or additional software, making it relatively easy to exploit for adversaries with front\u2011end access or a compromised user account."}}}}, "created": "2026-03-25T21:34:09.851681+00:00", "updated": "2026-03-26T11:39:24.917967+00:00", "vendors": ["wasiliy_strecker_/_contestgallery_developer", "wasiliy_strecker_/_contestgallery_developer$PRODUCT$contest_gallery", "wordpress", "wordpress$PRODUCT$wordpress"]}