Login Sign Up

CVE-2025-12849

5.3 MEDIUM
Authentication Bypass

📋 TL;DR

The Contest Gallery WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to inject arbitrary media attachments into galleries and manipulate gallery metadata. This affects all WordPress sites using Contest Gallery versions up to and including 28.0.2. Attackers can modify gallery content without authentication.

💻 Affected Systems

Products:
  • Contest Gallery WordPress Plugin
Versions: All versions up to and including 28.0.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with Contest Gallery plugin enabled are vulnerable by default.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could inject malicious media files into galleries, potentially serving malware or inappropriate content to visitors, and manipulate gallery metadata to disrupt site functionality.

🟠

Likely Case

Attackers inject spam or inappropriate images into galleries, defacing the website and potentially damaging the site owner's reputation.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to temporary gallery content manipulation that can be detected and reverted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted AJAX requests to the vulnerable endpoint without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 28.0.3 or later

Vendor Advisory: https://wordpress.org/plugins/contest-gallery/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Contest Gallery plugin. 4. Click 'Update Now' if update is available. 5. Alternatively, download latest version from WordPress plugin repository and manually update.

🔧 Temporary Workarounds

Disable vulnerable AJAX endpoint

all

Remove or restrict access to the cg_check_wp_admin_upload_v10 AJAX action

Add to theme's functions.php or custom plugin: remove_action('wp_ajax_nopriv_cg_check_wp_admin_upload_v10', 'cg_check_wp_admin_upload_v10');

Web Application Firewall rule

all

Block requests to the vulnerable AJAX endpoint

WAF rule to block: POST requests containing 'action=cg_check_wp_admin_upload_v10' from unauthenticated users

🧯 If You Can't Patch

  • Temporarily disable Contest Gallery plugin until patched
  • Implement strict network access controls to limit AJAX endpoint exposure

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Contest Gallery version. If version is 28.0.2 or lower, system is vulnerable.

Check Version:

wp plugin list --name=contest-gallery --field=version (if WP-CLI installed)

Verify Fix Applied:

Verify Contest Gallery plugin version is 28.0.3 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=cg_check_wp_admin_upload_v10 from unauthenticated IPs
  • Unusual media attachment activity in gallery logs

Network Indicators:

  • HTTP POST requests to admin-ajax.php with cg_check_wp_admin_upload_v10 parameter from external IPs

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="cg_check_wp_admin_upload_v10" AND user="-"

📊 Metadata

CVE ID: CVE-2025-12849
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-862
EPSS Score: 0.15% exploit probability (35.3th percentile)
Published: November 15, 2025
Last Updated: November 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12849, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)
CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)
CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)