# CVE-2025-10720 PoC
## Description
This proof of concept (PoC) describes a Cross-Site Request Forgery (CSRF) vulnerability found in the **Contest Gallery – Upload, Vote & Sell with PayPal and Stripe v. 26.1.2** plugin. The issue allows an attacker to trick an authenticated user into submitting a crafted request that deletes a gallery item without their consent, leading to unauthorized content loss and affecting data integrity.
## Details
- **Vulnerability Type**: Cross-Site Request Forgery (CSRF)
- **Affected Plugin**: 
## Impact
An attacker could trigger unintended operations, specifically the deletion of gallery items, without the user's awareness or explicit permission. Successful exploitation may lead to unauthorized content removal and poses a risk to data integrity within the system.
## References
- [WPScan](https://wpscan.com/vulnerability/09aad613-162c-41f3-bf91-80fe733771f9/)