From POC to Patch: Analyzing the Contest Gallery 28.1.4 Vulnerability

The Contest Gallery WordPress plugin, version 28.1.4, contains a critical Boolean-Blind SQL Injection...

giovedì 4 giugno 2026 New tab

662 words~3 min read

The Contest Gallery WordPress plugin, version 28.1.4, contains a critical Boolean-Blind SQL Injection vulnerability in the admin-ajax.php endpoint. An unauthenticated attacker can exploit this flaw to manipulate SQL queries, invalidate user activation keys, and compromise database integrity.

Root Cause

The vulnerability resides in the function responsible for resending confirmation emails (post_cg1l_resend_unconfirmed_mail_frontend). The cgl_mail parameter is received via POST and handled as follows:

$ReceiverMail = sanitize_email($_POST['cgl_mail']);

$wpdb->get_row("SELECT ... WHERE Field_Content = '$ReceiverMail'");

From POC to Patch: Analyzing the Contest Gallery 28.1.4 Vulnerability

From POC to Patch: Analyzing the Contest Gallery 28.1.4 Vulnerability

Other newsrooms on this story

Related reading

Drupal: Critical SQL injection flaw now targeted in attacks

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over…

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

Avada Builder WordPress plugin flaws allow site credential theft

Critical Everest Forms Pro flaw exploited to take over WordPress sites

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Other newsrooms on this story

Related reading

Drupal: Critical SQL injection flaw now targeted in attacks

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over…

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

Avada Builder WordPress plugin flaws allow site credential theft

Critical Everest Forms Pro flaw exploited to take over WordPress sites

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts