CVE-2025-11254

Name of the Vulnerable Software and Affected Versions The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress versions prior to 27.0.4

Description The software is susceptible to CSV Injection through gallery submissions. This allows unauthenticated attackers to embed untrusted input into exported CSV files. Opening these files on a local system with a vulnerable configuration can lead to code execution.

Recommendations Update to version 27.0.4 or later.