Platform
wordpress
Component
contest-gallery
Fixed in
28.1.6
CVE-2026-4021 is an authentication-bypass flaw, leading to privilege escalation, in the Contest Gallery WordPress plugin. It lets an unauthenticated attacker log in as an existing user and, by targeting an administrator account, take administrative control of the site. Versions 0.0.0 through 28.1.5 are affected; the fix shipped in version 28.1.6.
The flaw lies in the plugin's email/PIN confirmation handler combined with an unauthenticated login endpoint. In users-registry-check-after-email-or-pin-confirmation.php the registering user's email string is placed directly into a WHERE ID = %s clause, so the supplied string is compared against the integer ID column. Because MySQL coerces a string to its leading numeric prefix in such a comparison, an email that begins with a target's user ID matches that account's row instead of the registrant's. Chained with the unauthenticated key-based login endpoint in ajax-functions-frontend.php, an attacker who registers with such a crafted email ends up authenticated as the target user. The attack is easier still when the RegMailOptional=1 setting is enabled. Successful exploitation against an administrator grants full administrative privileges: the attacker can modify site content, install malicious plugins and read sensitive data.
CVE-2026-4021 was publicly disclosed on 2026-03-23. It is not currently listed in the CISA KEV catalog. Given how straightforward the bypass is, public proof-of-concept exploits are likely to emerge, which makes this a high-priority fix, especially for sites holding sensitive data or critical functionality.
WordPress sites running the Contest Gallery plugin are at risk, particularly those with the RegMailOptional=1 setting enabled. Shared hosting environments where plugin updates are not applied consistently are also exposed, as are sites that rely on the plugin for user registration or content submission, since those flows are exactly where the crafted registration lands.
Detection and remediation commands (wordpress / plugin). Note that both files named below also exist in patched releases, so their presence only confirms the plugin is installed; the version check is what decides whether the site is vulnerable.
• Check that the confirmation handler is present:
find /var/www/html/wp-content/plugins/contest-gallery -name users-registry-check-after-email-or-pin-confirmation.php
• Check that the frontend AJAX endpoint file is present:
find /var/www/html/wp-content/plugins/contest-gallery -name ajax-functions-frontend.php
• Check the installed version (vulnerable if 28.1.5 or older):
wp plugin list | grep contest-gallery
• Update to the fixed release:
wp plugin update contest-gallery
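To run the version check across many hosts rather than eyeballing `wp plugin list`, here is an added Python example (not part of this advisory, the plugin or WP-CLI) that parses `wp plugin list --format=csv` output and compares the installed version numerically against 28.1.6. The CSV embedded at the bottom is constructed sample output, not data from a real host.

```python
"""Triage helper: decide from `wp plugin list --format=csv` output whether the
installed Contest Gallery version falls in the affected range (0.0.0 through
28.1.5). Added example for this advisory; not code from the plugin or WP-CLI."""
import csv
import io
from typing import Optional, Tuple

PLUGIN_SLUG = "contest-gallery"
FIXED_VERSION = "28.1.6"  # first fixed release named in the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '28.1.5' into (28, 1, 5) so versions compare numerically.

    A plain string comparison would rank '28.1.10' below '28.1.6' and report
    a fixed release as vulnerable. A non-numeric suffix such as '-beta' is
    dropped from the component it follows.
    """
    parts = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is older than the first fixed release."""
    return parse_version(version) < parse_version(fixed)


def installed_version(wp_plugin_list_csv: str, slug: str = PLUGIN_SLUG) -> Optional[str]:
    """Return the version column for `slug` from `wp plugin list --format=csv`
    output (columns: name,status,update,version), or None if not installed."""
    for row in csv.DictReader(io.StringIO(wp_plugin_list_csv)):
        if row.get("name") == slug:
            return row.get("version")
    return None


def triage(wp_plugin_list_csv: str) -> str:
    """One-line verdict for the host whose WP-CLI output is passed in."""
    version = installed_version(wp_plugin_list_csv)
    if version is None:
        return "not installed"
    if is_vulnerable(version):
        return f"VULNERABLE: {PLUGIN_SLUG} {version} < {FIXED_VERSION}"
    return f"ok: {PLUGIN_SLUG} {version} >= {FIXED_VERSION}"


# Constructed sample output of `wp plugin list --format=csv` (not a real host).
SAMPLE_CSV = """name,status,update,version
akismet,active,none,5.3
contest-gallery,active,available,28.1.5
"""

if __name__ == "__main__":
    print(triage(SAMPLE_CSV))
```

Feed it the real output with `wp plugin list --format=csv | python3 triage.py` after swapping the sample for `sys.stdin.read()`; the numeric tuple comparison is the part worth keeping, since a lexical compare of version strings misorders 28.1.10 and 28.1.6.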
Exploit Status
EPSS
0.14% (34th percentile)
The primary mitigation is to upgrade Contest Gallery to version 28.1.6 or later without delay. If an immediate upgrade is not feasible because of compatibility or testing requirements, disable the RegMailOptional setting in the meantime; this does not remove the authentication bypass, but it reduces the attack surface. Review registration activity for unusual email addresses, in particular ones whose local part begins with digits. Standard web-server access logs record the request line but not POST bodies, so the submitted email values are only visible in WAF or application-level logs. A Web Application Firewall can block requests to the vulnerable endpoints (users-registry-check-after-email-or-pin-confirmation.php and ajax-functions-frontend.php) that carry such crafted email parameters. After upgrading, confirm the fix by registering a test account with an email that begins with an existing numeric user ID and verifying that this no longer authenticates you as that user.
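The crafted-email pattern also gives a post-patch hunting check: any account whose email begins with digits equal to another account's ID is worth a look, most urgently when that other account is an administrator. The Python below is an added example, not code from the plugin; it models the standard wp_users columns plus a simplified role field, uses constructed sample rows, and approximates MySQL's string-to-integer coercion by taking the leading digits only (MySQL also parses signs, decimals and exponents, which this check ignores).

```python
"""Hunt for accounts whose registration email numerically collides with
another account's ID, the impersonation pattern behind CVE-2026-4021.
Added example for this advisory; heuristic and sample data are ours."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Leading digits: the integer MySQL compares a string as against an INT column.
LEADING_INT = re.compile(r"^\s*(\d+)")


@dataclass(frozen=True)
class WpUser:
    id: int          # wp_users.ID
    user_login: str  # wp_users.user_login
    user_email: str  # wp_users.user_email
    role: str        # simplified; WordPress stores this in wp_usermeta


def spoofed_id(email: str) -> Optional[int]:
    """Integer the email would coerce to in an ID comparison, or None when
    it has no leading digits (MySQL would coerce it to 0, which no real
    WordPress user ID has)."""
    m = LEADING_INT.match(email)
    return int(m.group(1)) if m else None


def find_impersonation_candidates(users: List[WpUser]) -> List[dict]:
    """Return accounts whose email coerces to a *different* existing
    account's ID. Hits against administrators are sorted first."""
    by_id: Dict[int, WpUser] = {u.id: u for u in users}
    hits = []
    for u in users:
        target_id = spoofed_id(u.user_email)
        if target_id is None or target_id == u.id or target_id not in by_id:
            continue
        target = by_id[target_id]
        hits.append({
            "suspect_login": u.user_login,
            "suspect_email": u.user_email,
            "target_id": target.id,
            "target_login": target.user_login,
            "target_role": target.role,
        })
    hits.sort(key=lambda h: h["target_role"] != "administrator")
    return hits


# Constructed sample rows (no real site). ID 1 is the administrator; the
# last row is a registration whose email coerces to 1.
SAMPLE_USERS = [
    WpUser(1, "admin", "owner@example.com", "administrator"),
    WpUser(2, "editor", "editor@example.com", "editor"),
    WpUser(3, "42fan", "42fan@example.com", "subscriber"),     # digits, but no user 42
    WpUser(4, "newguy", "1attacker@example.net", "subscriber"),
]

if __name__ == "__main__":
    for hit in find_impersonation_candidates(SAMPLE_USERS):
        print(hit)
```

Pull the real rows with `wp user list --fields=ID,user_login,user_email,roles --format=csv` and map them onto WpUser; a hit is a lead, not proof, since a legitimate address can start with digits, so confirm by checking the account's registration time and what it did afterwards.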
Update to version 28.1.6 or a later patched release.
CVE-2026-4021 is a HIGH-severity vulnerability in the Contest Gallery WordPress plugin that lets attackers bypass authentication and gain administrator access.
You are affected if you run Contest Gallery plugin versions 0.0.0 through 28.1.5. Upgrade to 28.1.6 to resolve the issue.
Upgrade the Contest Gallery plugin to version 28.1.6 or later. Temporarily disable RegMailOptional as a workaround.
No active exploitation has been confirmed, but the ease of exploitation suggests it is likely to be targeted.
Refer to the official Contest Gallery plugin website or WordPress plugin repository for the latest advisory and update information.