CVE-2022-4154

Name of the Vulnerable Software and Affected Versions Contest Gallery Pro WordPress plugin versions prior to 19.1.5

Description The issue allows malicious users with administrator privileges to potentially leak sensitive information from the site's database. This is due to the failure to escape the wp user id GET parameter before it is concatenated to an SQL query in the management-show-user.php file.

Recommendations For versions prior to 19.1.5, update to version 19.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the management-show-user.php file to minimize the risk of exploitation. Avoid using the wp user id parameter in the affected endpoint until the issue is resolved.