CVE-2026-42680
Privilege Escalation in Contest Gallery Pro
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| contest_gallery | contest_gallery_pro | to 29.0.1 (inc) |
| contest_gallery | contest_gallery_pro | From 29.0.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated attackers to escalate their privileges and potentially gain full control of the affected website. This could lead to unauthorized access to sensitive data, which may impact compliance with data protection regulations such as GDPR and HIPAA.
Because the flaw falls under OWASP Top 10 category A7 (Identification and Authentication Failures), it indicates weaknesses in authentication mechanisms that are critical for protecting personal and sensitive information required by these standards.
Failure to address this vulnerability promptly could result in breaches of confidentiality, integrity, and availability of data, thereby violating compliance requirements and potentially leading to legal and financial consequences.
Can you explain this vulnerability to me?
CVE-2026-42680 is a high-priority privilege escalation vulnerability in the WordPress Contest Gallery Pro plugin versions 29.0.1 and earlier.
This flaw allows unauthenticated attackers to escalate their privileges, potentially gaining full control of the affected website.
The vulnerability is categorized under OWASP Top 10 A7 (Identification and Authentication Failures), indicating a failure in proper privilege assignment and authentication controls.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can gain unauthorized full control over your website.
This can lead to severe consequences including unauthorized data access, modification, deletion, or disruption of website services.
Given the high CVSS score of 9.8, the vulnerability is highly dangerous and likely to be exploited in widespread attacks targeting thousands of websites.
Mitigate immediately by updating the plugin to version 29.0.2 or later, or by applying the provided mitigation rules.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-42680 vulnerability in the Contest Gallery Pro plugin, you should immediately update the plugin to version 29.0.2 or later.
If you are unable to update the plugin directly, you can apply a mitigation rule provided by Patchstack or seek assistance from your hosting provider.
Taking these steps will help prevent unauthenticated attackers from escalating their privileges and gaining full control of your website.