CVE-2026-25035 — Authentication Bypass Using an Alternate Path or Channel in Strecker Contestgallery Developer Contest Gallery

CWE-288 — Authentication Bypass Using an Alternate Path or Channel4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 79.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wasiliy Strecker Contestgallery Developer Contest Gallery

Timeline

PublishedMar 25

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Authentication Abuse.This issue affects Contest Gallery: from n/a through <= 28.1.2.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5wasiliy_strecker/contestgallery_developer_contest_galleryn/a — <= 28.1.2.2

🔴Vulnerability Details

GHSA

GHSA-4f6x-h73m-pq6f: Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery↗2026-03-25

▶

CVEList

WordPress Contest Gallery plugin <= 28.1.2.2 - Account Takeover vulnerability↗2026-03-25

▶

🕵️Threat Intelligence

Wiz

CVE-2026-25035 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶