CVE-2026-24964 — Server-Side Request Forgery in Strecker Contestgallery Developer Contest Gallery

CWE-918 — Server-Side Request Forgery4 documents4 sources

Severity

6.4MEDIUMNVD

EPSS

0.0%

top 92.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wasiliy Strecker Contestgallery Developer Contest Gallery

Timeline

PublishedMar 25

Description

Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.1.2.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:NExploitability: 3.1 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5wasiliy_strecker/contestgallery_developer_contest_galleryn/a — <= 28.1.2.1

🔴Vulnerability Details

CVEList

WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnerability↗2026-03-25

▶

GHSA

GHSA-4f94-fq23-hch4: Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Req↗2026-03-25

▶

🕵️Threat Intelligence

Wiz

CVE-2026-24964 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶