CVE-2026-12165

Contest Gallery · Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe

The Contest Gallery WordPress plugin is vulnerable to privilege escalation, allowing authenticated attackers to elevate their access level within the application.

Executive summary

A high-severity privilege escalation vulnerability in the Contest Gallery WordPress plugin allows authenticated users to gain unauthorized administrative access.

Vulnerability

The plugin does not adequately verify that the requesting user is authorized to perform a privileged operation before carrying it out. Any authenticated attacker can use this missing check to obtain permissions beyond those assigned to the account, up to and including the administrator role. The precondition of holding an account is trivially met on sites that allow open registration (Settings > General > Membership). The affected endpoint and the exact missing authorization check are not identified in this advisory, so defenders should not assume a narrow request signature.

Business impact

Successful exploitation gives the attacker administrative control of the WordPress site. An administrator can install or edit plugins and themes (and therefore run arbitrary PHP on the host), read and alter all content and user data, create further privileged accounts for persistence, and inject scripts served to every visitor. The CVSS score of 8.8 reflects that a low-privileged, authenticated attacker gains full control with no user interaction.

Remediation

Immediate Action: Update the Contest Gallery plugin to the latest version provided by the vendor. If the update cannot be applied promptly, deactivate the plugin until it can be.

Proactive Monitoring: WordPress core does not log role changes by default. Review whatever audit trail exists (security plugin logs, web server access logs for requests to the plugin's endpoints, and the wp_users registration timestamps) and compare the current list of administrator accounts against a known-good baseline. Any administrator that was not in the baseline, or any account whose role changed during the exposure window, should be treated as a compromise indicator.

Compensating Controls: A Web Application Firewall (WAF) can reduce exposure while the update is pending, but because the vulnerable request is not described here, generic rules for unexpected role or capability parameters are a stopgap, not a fix.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the potential for complete site compromise, administrators should treat this vulnerability with high urgency. Apply the plugin update first, then audit existing user roles for accounts that were elevated or created during the exposure window. If an unexpected administrator is found, assume the site is compromised: rotate credentials and the salts in wp-config.php, review installed plugins, themes and scheduled tasks for backdoors, and restore from a known-good backup where necessary.
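The role audit recommended above, and the baseline comparison described under Proactive Monitoring, can be done offline against a database export. The following is an added example, not code from the advisory or from the Contest Gallery plugin. WordPress stores each user's roles as a PHP-serialised array in wp_usermeta under the meta key "<table prefix>capabilities" (default prefix "wp_"), for example `a:1:{s:13:"administrator";b:1;}`. The script parses those values without needing PHP, then diffs them against a known-good baseline. The sample rows, the baseline, and the user IDs are constructed for the example.

```python
"""Audit WordPress roles from a wp_usermeta export and flag privilege gains."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of wp_usermeta rows (user_id, meta_key, meta_value) as
# they would come out of a database export. Not taken from any real site.
SAMPLE_USERMETA: List[Tuple[int, str, str]] = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    (12, "wp_capabilities", 'a:2:{s:10:"subscriber";b:1;s:13:"administrator";b:1;}'),
    (13, "wp_capabilities", 'a:1:{s:6:"author";b:1;}'),
    (13, "nickname", "author13"),  # unrelated meta row, must be ignored
    (20, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

# Constructed known-good baseline captured before the exposure window.
# User 20 did not exist at that time.
BASELINE_ROLES: Dict[int, Set[str]] = {
    1: {"administrator"},
    7: {"subscriber"},
    12: {"subscriber"},
    13: {"author"},
}

PRIVILEGED_ROLES: Set[str] = {"administrator"}

# One  s:<byte length>:"<role>";b:<0|1>;  entry inside the serialised array.
_ENTRY_RE = re.compile(r's:(\d+):"([^"]*)";b:([01]);')


def parse_capabilities(serialized: str) -> Set[str]:
    """Return the roles whose flag is true in a serialised wp_capabilities value.

    The declared byte length is checked against the role name so that a
    hand-edited or truncated value is reported instead of silently misread.
    """
    if not serialized.startswith("a:") or not serialized.endswith("}"):
        raise ValueError("not a serialised PHP array")
    roles: Set[str] = set()
    for length, role, granted in _ENTRY_RE.findall(serialized):
        if int(length) != len(role.encode("utf-8")):
            raise ValueError(f"length mismatch for role {role!r}")
        if granted == "1":
            roles.add(role)
    return roles


def current_roles(rows, prefix: str = "wp_") -> Dict[int, Set[str]]:
    """Map user_id -> roles for every capabilities row in the export."""
    key = f"{prefix}capabilities"
    return {uid: parse_capabilities(val) for uid, meta_key, val in rows if meta_key == key}


def find_escalations(baseline: Dict[int, Set[str]],
                     current: Dict[int, Set[str]],
                     privileged: Set[str] = PRIVILEGED_ROLES) -> List[dict]:
    """Flag users holding a privileged role they did not hold at baseline.

    Accounts absent from the baseline are compared against an empty role set,
    so a newly created administrator is reported as well.
    """
    findings: List[dict] = []
    for uid in sorted(current):
        before = baseline.get(uid, set())
        gained = current[uid] - before
        if gained & privileged:
            findings.append({
                "user_id": uid,
                "before": sorted(before),
                "after": sorted(current[uid]),
                "gained": sorted(gained),
                "new_account": uid not in baseline,
            })
    return findings


if __name__ == "__main__":
    for finding in find_escalations(BASELINE_ROLES, current_roles(SAMPLE_USERMETA)):
        print(finding)
```

On a live site the rows can be pulled with `wp db query "SELECT user_id, meta_key, meta_value FROM wp_usermeta WHERE meta_key = 'wp_capabilities'"` (adjust the table name and the `prefix` argument if the site uses a non-default prefix); `wp user list --role=administrator` gives a quicker but baseline-free view. The baseline should come from a backup or an earlier export taken before the plugin was installed or before the exposure window began.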