CVE-2026-42680
Wasiliy Strecker · Contest Gallery Pro
Contest Gallery Pro for WordPress contains an incorrect privilege assignment vulnerability that allows privilege escalation.
Executive summary
A privilege escalation vulnerability in Contest Gallery Pro allows attackers to gain unauthorized administrative access to the website.
Vulnerability
The plugin contains an incorrect privilege assignment flaw, which can be exploited by an authenticated or unauthenticated attacker (depending on configuration) to escalate their privileges to an administrative level.
Business impact
Privilege escalation grants an attacker full control over the website, potentially leading to unauthorized data access, content modification, or full site takeover. With a CVSS score of 9.8, this is a critical threat to site security.
Remediation
Immediate Action: Update Contest Gallery Pro to the latest available version, which corrects the flawed privilege assignment logic.
Proactive Monitoring: Audit user account management logs for suspicious promotions or new administrative accounts created without authorization.
Compensating Controls: Use a web application firewall to block requests to plugin-specific endpoints that handle user role or permission assignments.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
The ability to escalate privileges is a critical security failure. Site administrators should apply the update immediately and review current user lists for any unauthorized administrative accounts that may have been created while the site was vulnerable.
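The audit steps in the Remediation and Analyst recommendation sections (checking for unauthorized promotions and reviewing the current administrator list) can be scripted. The following is an added example, not code from this advisory or from the Contest Gallery Pro plugin: it runs the standard administrator query over the wp_users and wp_usermeta tables, here against an in-memory SQLite copy loaded with constructed sample rows, and flags any administrator that is absent from a known-good allowlist or was registered after the assumed start of the exposure window. The table prefix, the allowlist and the exposure date are assumptions; on a live site the same query runs against the real database (with the site's own table prefix), or WP-CLI's "wp user list --role=administrator" returns the same list.

```python
"""Audit WordPress administrator accounts after a privilege escalation exposure.

Added example (not from the advisory or the plugin). WordPress stores a user's
roles as a PHP-serialized array in the wp_usermeta row whose meta_key is
'wp_capabilities', so the practitioner's query is a join between wp_users and
wp_usermeta filtered on that key. The same SQL is executed here against an
in-memory SQLite database populated with constructed sample rows.
"""

import sqlite3
from datetime import datetime

# Constructed sample data: three accounts, two of them administrators.
# The third account is the kind of record the audit is meant to surface.
SAMPLE_USERS = [
    (1, "owner", "2021-03-04 10:00:00"),
    (2, "editor_jane", "2022-07-19 08:30:00"),
    (3, "wp_supportadmin", "2026-04-02 03:14:07"),
]
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

# Assumes the default "wp_" table prefix; substitute the site's prefix on a live host.
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered
"""

DATE_FMT = "%Y-%m-%d %H:%M:%S"


def build_sample_db():
    """Create the two relevant tables in memory and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE wp_users (
            ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (
            user_id INTEGER, meta_key TEXT, meta_value TEXT);
        """
    )
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?)", SAMPLE_USERMETA)
    return conn


def list_administrators(conn):
    """Return every account whose capabilities include the administrator role."""
    return [
        {"ID": row[0], "user_login": row[1], "user_registered": row[2]}
        for row in conn.execute(ADMIN_QUERY)
    ]


def find_suspicious_admins(conn, allowlist, exposure_start):
    """Flag administrators not on the allowlist or created once the site was exposed.

    allowlist: logins the site owner has confirmed as legitimate administrators.
    exposure_start: 'YYYY-MM-DD HH:MM:SS' string marking the assumed start of the
    window during which the vulnerable plugin version was installed.
    """
    window_start = datetime.strptime(exposure_start, DATE_FMT)
    flagged = []
    for admin in list_administrators(conn):
        reasons = []
        if admin["user_login"] not in allowlist:
            reasons.append("not on allowlist")
        registered = datetime.strptime(admin["user_registered"], DATE_FMT)
        if registered >= window_start:
            reasons.append("registered during exposure window")
        if reasons:
            flagged.append({**admin, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    db = build_sample_db()
    # Assumed allowlist and exposure date for the constructed sample.
    for hit in find_suspicious_admins(db, {"owner"}, "2026-01-01 00:00:00"):
        print(hit["ID"], hit["user_login"], hit["user_registered"], ", ".join(hit["reasons"]))
```

An administrator that exists in the table but is not on the owner-confirmed allowlist is the primary signal; the registration-date check is a secondary one, since an attacker who promotes an existing account rather than creating a new one leaves an old registration date, which is why the allowlist comparison should not be skipped.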