Vulnerability Description
The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the `cg_check_wp_admin_upload_v10` AJAX action for both authenticated and unauthenticated users without implementing capability checks or nonce verification. This makes it possible for unauthenticated attackers to inject arbitrary WordPress media attachments into galleries and manipulate gallery metadata via the `cg_check_wp_admin_upload_v10` action. It does not enable an attacker to move or upload files.
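The following PHP is a hypothetical illustration added here, not the plugin's own code: it contrasts the registration pattern the description names (an AJAX action exposed via `wp_ajax_nopriv_*` with no capability or nonce check) with a hardened handler. The handler function names, the `cg_attachments` meta key and the `cg_gallery_attach` nonce action are assumed; only one of the two registrations would exist in a deployed plugin.

```php
<?php
// Hypothetical illustration of the weak pattern and its fix; not the plugin's code.

// Weak form: reachable by logged-out users (wp_ajax_nopriv_*) and the handler
// trusts request data without a capability check or nonce verification.
function cg_gallery_attach_handler_weak() {
    $gallery_id    = (int) ( $_POST['gallery_id'] ?? 0 );
    $attachment_id = (int) ( $_POST['attachment_id'] ?? 0 );
    update_post_meta( $gallery_id, 'cg_attachments', $attachment_id ); // unauthenticated write
    wp_send_json_success();
}
add_action( 'wp_ajax_cg_check_wp_admin_upload_v10',        'cg_gallery_attach_handler_weak' );
add_action( 'wp_ajax_nopriv_cg_check_wp_admin_upload_v10', 'cg_gallery_attach_handler_weak' );

// Hardened form: authenticated users only, nonce verified, capability required,
// and the referenced post must actually be a media attachment.
function cg_gallery_attach_handler_hardened() {
    // CSRF guard: the request must carry a nonce minted for this action
    // (wp_create_nonce( 'cg_gallery_attach' ) on the admin page that issues it).
    check_ajax_referer( 'cg_gallery_attach', 'nonce' );

    // Authorization: only a user who may edit this gallery can change its metadata.
    $gallery_id = isset( $_POST['gallery_id'] ) ? absint( $_POST['gallery_id'] ) : 0;
    if ( ! $gallery_id || ! current_user_can( 'edit_post', $gallery_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Input validation: the id must point at an existing attachment post.
    $attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
    if ( ! $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
        wp_send_json_error( 'invalid attachment', 400 );
    }

    update_post_meta( $gallery_id, 'cg_attachments', $attachment_id );
    wp_send_json_success( array( 'gallery_id' => $gallery_id ) );
}
// Deliberately no wp_ajax_nopriv_ registration: admin-ajax.php rejects
// unauthenticated requests for this action before the handler runs.
add_action( 'wp_ajax_cg_check_wp_admin_upload_v10', 'cg_gallery_attach_handler_hardened' );
```

In WordPress, `check_ajax_referer()` calls `wp_die()` on a failed nonce, so the capability and type checks below it only run for requests that passed the CSRF check.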
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/contest-gallery/tags/28.0.2/v10/inclu
- https://plugins.trac.wordpress.org/browser/contest-gallery/tags/28.0.2/v10/inclu
- https://plugins.trac.wordpress.org/browser/contest-gallery/tags/28.0.2/v10/inclu
- https://plugins.trac.wordpress.org/browser/contest-gallery/tags/28.0.2/v10/v10-a
- https://plugins.trac.wordpress.org/browser/contest-gallery/tags/28.0.2/v10/v10-a
- https://wordpress.org/plugins/contest-gallery/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e000c4ad-43ec-4ad0-89f
FAQ
What is CVE-2025-12849?
CVE-2025-12849 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Contest Gallery plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 28.0.2. This is due to the plugin registering the `cg_check_wp_admin_upload_v10` AJ...
How severe is CVE-2025-12849?
CVE-2025-12849 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-12849?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.