CVE-2026-42680— WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
Possible ATT&CK Techniques 1AI
T1078 · Valid AccountsAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wasiliy Strecker / ContestGallery developer | Contest Gallery Pro | n/a≤ 29.0.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42680
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权授予不正确
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Wasiliy Strecker / ContestGallery developer | Contest Gallery Pro | n/a ~ 29.0.1 | - |
II. Public POCs for CVE-2026-42680
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42680
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-42680 (1)
IV. Related Vulnerabilities
Same vendor: Wasiliy Strecker / ContestGallery developer
- CVE-2026-25035
WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeo - CVE-2026-24964
WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side R - CVE-2026-24965
WordPress Contest Gallery plugin <= 28.1.1 - Broken Access C - CVE-2025-62950
WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Requ - CVE-2025-48291
WordPress Contest Gallery <= 26.0.6 - Cross Site Scripting (
Same weakness: CWE-266
- CVE-2026-48879
WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulne - CVE-2026-35671
phpMyFAQ - Insecure Direct Object Reference in User Password - CVE-2026-9795
Keycloak: keycloak: privilege escalation via improper scope - CVE-2026-42758
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Esca - CVE-2026-42731
WordPress miniorange otp verification plugin <= 5.4.9 - Priv
V. Comments for CVE-2026-42680
No comments yet