CVE-2026-3180
Blind SQL Injection in Contest Gallery WordPress Plugin Allows Data Exposure
Publication date: 2026-03-02
Last updated on: 2026-03-02
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3180 is a blind SQL Injection vulnerability in the Contest Gallery WordPress plugin, specifically in the parameters 'cgLostPasswordEmail' and 'cgl_mail' in versions up to and including 28.1.4. This vulnerability arises due to insufficient escaping and lack of proper preparation of user-supplied input in SQL queries.
An unauthenticated attacker can exploit this flaw by injecting additional SQL queries through these parameters, allowing them to extract sensitive information from the database without authentication.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to extract sensitive data from your WordPress site's database without needing to authenticate. Since it is a blind SQL Injection, the attacker can craft queries to retrieve confidential information such as user data, credentials, or other sensitive content stored in the database.
The impact is significant because it compromises the confidentiality of your data, potentially leading to data breaches, unauthorized access, and further exploitation of your site.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability involves blind SQL Injection via the 'cgLostPasswordEmail' and 'cgl_mail' parameters in the Contest Gallery WordPress plugin. Detection involves monitoring for suspicious HTTP requests targeting these parameters, especially POST or GET requests to the lost password AJAX endpoint or other plugin endpoints that accept these parameters."}, {'type': 'paragraph', 'content': "You can detect potential exploitation attempts by inspecting web server logs or using network monitoring tools to look for requests containing unusual SQL syntax or payloads in the 'cgLostPasswordEmail' or 'cgl_mail' parameters."}, {'type': 'list_item', 'content': "Use command-line tools like grep or awk to search web server access logs for requests containing 'cgLostPasswordEmail' or 'cgl_mail'. For example:"}, {'type': 'list_item', 'content': "grep -i 'cgLostPasswordEmail' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep -i 'cgl_mail' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': 'Use curl or similar tools to test the endpoint manually by sending crafted requests and observing responses, for example:'}, {'type': 'list_item', 'content': "curl -X POST -d '[email protected]' https://yourwordpresssite.com/wp-admin/admin-ajax.php?action=lost_password"}, {'type': 'paragraph', 'content': "Note that the exact endpoint and parameters may vary; based on the plugin code, the lost password AJAX handler is located at 'users-login-check-ajax-lost-password.php' or similar AJAX endpoints."}] [4, 5]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Contest Gallery WordPress plugin to version 28.1.5 or later, as the vulnerability was patched in versions 28.1.4 (for 'cgLostPasswordEmail') and 28.1.5 (for 'cgl_mail').
Until the update can be applied, consider disabling or restricting access to the lost password functionality or the affected AJAX endpoints to prevent exploitation.
Additionally, monitor logs for suspicious activity targeting the vulnerable parameters and consider implementing Web Application Firewall (WAF) rules to block SQL injection attempts on these parameters.