PatchSiren cyber security CVE debrief
CVE-2026-42657 Wasiliy Strecker CVE debrief
CVE-2026-42657 is an unauthenticated other vulnerability type affecting Contest Gallery versions up to 28.1.7. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. It was published on 2026-06-15T21:16:55.333Z and modified on 2026-06-15T21:24:32.790Z.
- Vendor
- Wasiliy Strecker
- Product
- Contest Gallery
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Contest Gallery versions up to 28.1.7 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is described as an unauthenticated other vulnerability type in Contest Gallery versions up to 28.1.7. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating a medium severity vulnerability that can be exploited over the network without authentication.
Defensive priority
MEDIUM
Recommended defensive actions
- Update Contest Gallery to a version that is not vulnerable.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/contest-gallery/vulnerability/wordpress-contest-gallery-plugin-28-1-7-other-vulnerability-type-vulnerability?_s_id=cve) for mitigation or vendor reference
Evidence notes
The vendor and product information is not confirmed, but there is a reference to Patchstack.
Official resources
-
CVE-2026-42657 CVE record
CVE.org
-
CVE-2026-42657 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-42657 was published on 2026-06-15T21:16:55.333Z and modified on 2026-06-15T21:24:32.790Z.