HIGH
contest-gallery
CVE published 2026-05-19
CVE-2026-8912
CVE-2026-8912 is a high-severity SQL injection issue in the Contest Gallery plugin for WordPress. The vulnerable path is the unauthenticated post_cg_gallery_form_upload AJAX action, where user-controlled form_input data can reach a database query without sufficient escaping or preparation. The issue is reachable with a public frontend nonce that is exposed in the source of public gallery pages, which lowe [truncated]