CVE-2022-4158

Name of the Vulnerable Software and Affected Versions Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1

Description The issue arises from the failure to escape the cg Fields POST parameter before it is concatenated to an SQL query in the users-registry-check-registering-and-login.php file. This oversight may allow malicious visitors to leak sensitive information from the site's database.

Recommendations For Contest Gallery WordPress plugin versions prior to 19.1.5.1, update to version 19.1.5.1 or later. For Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1, update to version 19.1.5.1 or later. As a temporary workaround, consider restricting access to the users-registry-check-registering-and-login.php file until a patch is applied. Avoid using the cg Fields parameter in the affected SQL query until the issue is resolved.