CVE-2025-62950 — Cross-Site Request Forgery in Strecker Contestgallery Developer Contest Gallery

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 95.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wasiliy Strecker Contestgallery Developer Contest Gallery

Timeline

PublishedNov 6

Description

Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5wasiliy_strecker/contestgallery_developer_contest_gallery28.0.0

🔴Vulnerability Details

GHSA

GHSA-f39h-ggv6-wr4j: Cross-Site Request Forgery (CSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Cross Site Reque↗2025-11-06

▶

CVEList

WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability↗2025-11-06

▶