PatchSiren cyber security CVE debrief
CVE-2026-42656 Wasiliy Strecker CVE debrief
A Subscriber Cross Site Scripting (XSS) vulnerability was found in Contest Gallery <= 28.1.6 versions. This vulnerability has been assigned a CVSS score of 6.5, indicating a Medium severity level. The vulnerability was published on [CVE.org](resourceLinkAnnotations:cve-org) and additional details can be found on [NVD](resourceLinkAnnotations:nvd).
- Vendor
- Wasiliy Strecker
- Product
- Contest Gallery
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Contest Gallery plugin versions <= 28.1.6 should update to a patched version to prevent potential XSS attacks.
Technical summary
The vulnerability is a Cross Site Scripting (XSS) issue in the Contest Gallery plugin, affecting versions up to 28.1.6. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
Medium
Recommended defensive actions
- Update Contest Gallery plugin to a version greater than 28.1.6.
- Review and follow security best practices for WordPress plugins.
Evidence notes
Evidence for this CVE was provided by Patchstack, as noted in the [mitigation or vendor reference](resourceLinkAnnotations:ref-4).
Official resources
-
CVE-2026-42656 CVE record
CVE.org
-
CVE-2026-42656 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-42656 was published on 2026-06-15T21:16:55.220Z and modified on 2026-06-15T21:24:32.790Z.