WordPress · Contest Gallery · CVE-2025-11254
**Name of the Vulnerable Software and Affected Versions**
The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress versions prior to 27.0.4
**Description**
The software is susceptible to CSV Injection through gallery submissions. This allows unauthenticated attackers to embed untrusted input into exported CSV files. Opening these files on a local system with a vulnerable configuration can lead to code execution.
**Recommendations**
Update to version 27.0.4 or later.
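For export code in general, the class of flaw described above is mitigated by neutralising cells that a spreadsheet application would evaluate as formulas. The following is an added example, not the Contest Gallery plugin's code or its 27.0.4 fix; the function names and sample rows are hypothetical, and the character list follows OWASP's CSV Injection guidance.

```php
<?php
// Added example: hypothetical helper names, constructed sample rows.

/**
 * Return $value in a form a spreadsheet application reads as text, not a formula.
 * Cells starting with =, +, -, @, tab or carriage return are the ones OWASP's
 * CSV Injection guidance flags; they get a leading single quote.
 */
function neutralise_csv_cell($value): string
{
    $value = (string) $value;
    // Plain numbers such as "-5" or "+1.5" are safe and stay usable as numbers.
    if ($value === '' || is_numeric($value)) {
        return $value;
    }
    // Leading tab/CR, or optional whitespace followed by a formula trigger.
    if (preg_match('/^(?:[\t\r]|\s*[=+\-@])/', $value) === 1) {
        return "'" . $value;
    }
    return $value;
}

/** Write rows of untrusted submission data to CSV text. */
function export_rows_as_csv(array $rows): string
{
    $fh = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        // fputcsv handles quoting of commas, quotes and newlines; the empty
        // escape argument disables PHP's non-standard backslash escaping.
        fputcsv($fh, array_map('neutralise_csv_cell', $row), ',', '"', '');
    }
    rewind($fh);
    $csv = stream_get_contents($fh);
    fclose($fh);
    return $csv;
}

// Constructed sample: fields as an unauthenticated visitor might submit them.
$rows = [
    ['id', 'title', 'comment'],
    [1, 'Sunset', 'Taken in June, near the lake'],
    [2, '=1+1', '  @mention at start'],
    [3, '-5', '+not a number'],
];
echo export_rows_as_csv($rows);
```

The neutralisation has to run on every cell at export time, because the stored submission itself is still untrusted when it reaches any other output path.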