Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe Security & Risk Analysis

wordpress.org/plugins/contest-gallery

JPG, PNG, MP4, MP3, PDF, ZIP & more. Create voting & uploading galleries for photos & media. Social Share, User Registration & Sell via PayPal/Stripe.

1K active installs · v28.1.5 · PHP + WP 5.6+ · Updated Mar 1, 2026
competition · contest · openai · photo-contest · voting
76
B · Generally Safe
CVEs total: 36
Unpatched: 0
Last CVE: Mar 23, 2026
Safety Verdict

Is Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe Safe to Use in 2026?

Mostly Safe

Score 76/100

Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe is generally safe to use. 36 past CVEs were resolved. Keep it updated.

36 known CVEs · Last CVE: Mar 23, 2026 · Updated 1mo ago
Risk Assessment

The Contest Gallery plugin v28.1.5 presents a significantly high security risk due to a large attack surface with a substantial number of unprotected AJAX handlers. The static analysis reveals that 79 out of 80 AJAX handlers lack proper authentication checks, creating a wide entry point for potential abuse. Furthermore, the plugin exhibits concerning code quality signals, with a high volume of dangerous function usage (specifically `unserialize`) and a very low percentage of properly escaped outputs. The taint analysis highlights this, with a high number of flows containing unsanitized paths, 42 of which are classified as high severity. This combination of unprotected entry points and insecure code practices strongly suggests a high likelihood of exploitable vulnerabilities.

The plugin's vulnerability history is alarming, with 33 known CVEs, including 5 critical and 6 high-severity issues. The prevalence of common vulnerability types such as Missing Authorization, CSRF, XSS, and SQL Injection further corroborates the identified code quality concerns. While there are currently no unpatched vulnerabilities, the sheer number and severity of past issues, coupled with the ongoing code-level risks, indicate a pattern of recurring security weaknesses. The last reported vulnerability in 2026 also suggests potential issues with timely security patching.

In conclusion, the Contest Gallery plugin v28.1.5 has a poor security posture. The extensive unprotected attack surface, numerous dangerous code patterns, and a troubling history of critical and high-severity vulnerabilities make it a high-risk plugin. While the use of prepared statements for SQL is a positive signal, it is heavily overshadowed by the multitude of critical security flaws and insecure coding practices.

Key Concerns

  • Large attack surface without auth checks
  • High count of dangerous function calls (unserialize)
  • Low percentage of properly escaped outputs
  • High number of flows with unsanitized paths
  • High severity taint flows
  • Numerous past critical vulnerabilities
  • Numerous past high vulnerabilities
  • Common vulnerability types (Auth, CSRF, XSS, SQLi)
  • Low number of nonce checks
  • Low number of capability checks
Vulnerabilities
36

Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe Security Vulnerabilities

CVEs by Year

  • 1 CVE in 2019
  • 2 CVEs in 2021
  • 4 CVEs in 2022
  • 2 CVEs in 2023
  • 12 CVEs in 2024
  • 10 CVEs in 2025
  • 5 CVEs in 2026

Severity Breakdown

  • Critical: 5
  • High: 7
  • Medium: 24

36 total CVEs

CVE-2026-4021 · high · 8.1 · Improper Authentication

Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion

Mar 23, 2026 Patched in 28.1.6 (9d)
CVE-2026-25035 · medium · 5.3 · Missing Authorization

Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.2.2 - Missing Authorization

Mar 23, 2026 Patched in 28.1.3 (11d)
CVE-2026-24964 · medium · 6.4 · Server-Side Request Forgery (SSRF)

Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe <= 28.1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery

Mar 10, 2026 Patched in 28.1.2.2 (10d)
CVE-2026-3180 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Contest Gallery <= 28.1.4 - Unauthenticated SQL Injection

Mar 2, 2026 Patched in 28.1.5 (1d)
CVE-2026-24965 · medium · 4.3 · Missing Authorization

Contest Gallery <= 28.1.1 - Missing Authorization

Jan 9, 2026 Patched in 28.1.2 (33d)
CVE-2025-12849 · medium · 5.3 · Missing Authorization

Contest Gallery <= 28.0.2 - Missing Authorization

Nov 14, 2025 Patched in 28.0.3 (1d)
CVE-2025-62950 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Contest Gallery <= 28.0.0 - Cross-Site Request Forgery

Oct 12, 2025 Patched in 28.0.1 (19d)
CVE-2025-11254 · medium · 4.3 · Improper Neutralization of Formula Elements in a CSV File

Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.3 - Unauthenticated CSV Injection

Oct 10, 2025 Patched in 28.0.0 (1d)
CVE-2025-10383 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery – Upload, Vote & Sell with PayPal and Stripe <= 27.0.2 - Authenticated (Author+) Stored Cross-Site Scripting

Oct 3, 2025 Patched in 27.0.3 (1d)
CVE-2025-7725 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting

Jul 31, 2025 Patched in 26.1.1 (1d)
CVE-2025-48291 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery <= 26.0.6 - Reflected Cross-Site Scripting

Jul 11, 2025 Patched in 26.0.7 (6d)
CVE-2025-6716 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting

Jul 10, 2025 Patched in 26.0.9 (1d)
CVE-2025-3862 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

May 7, 2025 Patched in 26.0.7 (1d)
CVE-2025-1513 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting

Feb 27, 2025 Patched in 26.0.1 (1d)
CVE-2025-22693 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Contest Gallery <= 25.1.0 - Authenticated (Author+) SQL Injection

Jan 31, 2025 Patched in 25.1.2 (4d)
CVE-2024-56237 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery <= 24.0.3 - Authenticated (Author+) Stored Cross-Site Scripting

Dec 30, 2024 Patched in 24.0.4 (10d)
CVE-2024-11103 · critical · 9.8 · Weak Password Recovery Mechanism for Forgotten Password

Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover

Nov 27, 2024 Patched in 24.0.8 (1d)
CVE-2024-10687 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection

Nov 4, 2024 Patched in 24.0.4 (1d)
CVE-2024-43283 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Contest Gallery <= 23.1.2 - Unauthenticated Information Exposure

Aug 16, 2024 Patched in 23.1.3 (7d)
CVE-2024-39631 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery <= 23.1.2 - Unauthenticated Stored Cross-Site Scripting

Jul 24, 2024 Patched in 23.1.3 (9d)
CVE-2024-32778 · medium · 4.3 · Missing Authorization

Contest Gallery <= 21.3.4 - Authenticated (Author+) Arbitrary File Deletion

Apr 22, 2024 Patched in 21.3.5 (8d)
CVE-2024-30428 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery <= 21.3.5 - Reflected Cross-Site Scripting

Mar 28, 2024 Patched in 21.3.6 (7d)
CVE-2024-30238 · critical · 9.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection

Mar 26, 2024 Patched in 21.3.2.1 (43d)
CVE-2024-30236 · critical · 9.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Photos and Files Contest Gallery <= 21.3.4 - Authenticated (Contributor+) SQL Injection

Mar 26, 2024 Patched in 21.3.5 (43d)
CVE-2024-1487 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress <= 21.3.0 - Authenticated (Author+) Stored Cross-Site Scripting

Feb 14, 2024 Patched in 21.3.1 (71d)
CVE-2024-24887 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery

Feb 5, 2024 Patched in 21.2.9 (4d)
WF-f2b5213d-fdc5-4c98-9a05-15d83bd7308f-contest-gallery · medium · 4.7 · Cross-Site Request Forgery (CSRF)

Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery

Jan 9, 2024 Patched in 21.2.9 (14d)
CVE-2023-5307 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery < 21.2.8.1 - Unauthenticated Stored Cross-Site Scripting via headers

Oct 10, 2023 Patched in 21.2.8.1 (105d)
CVE-2023-28784 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting

Mar 27, 2023 Patched in 21.1.2.1 (302d)
CVE-2022-45848 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery <= 13.1.0.9 - Cross-Site Scripting

Nov 23, 2022 Patched in 14.0.0 (426d)
CVE-2022-36394 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Contest Gallery <= 17.0.4 - Authenticated (Author+) SQL Injection

Aug 9, 2022 Patched in 17.0.5 (532d)
WF-1f9d8bbe-205f-44b6-a0c6-89b9135e6363-contest-gallery · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Contest Gallery – Files Upload and Contest Plugin for WordPress <= 17.0.4 - Admin+ SQL Injection

Jun 1, 2022 Patched in 17.0.5 (601d)
CVE-2021-24915 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Contest Gallery – Photo Contest Plugin for WordPress <= 13.1.0.5 - SQL Injection

Apr 13, 2022 Patched in 13.1.0.6 (650d)
CVE-2022-27853 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Contest Gallery <= 13.1.0.9 - Authenticated (Author+) Stored Cross-Site Scripting

Dec 20, 2021 Patched in 14.0.0 (763d)
WF-7759b209-4211-4ee5-ae7a-42645f5d5e96-contest-gallery · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

Contest Gallery < 13.1.0.7 - Authenticated Email Address Disclosure

Nov 1, 2021 Patched in 13.1.0.7 (813d)
CVE-2019-5974 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Contest Gallery – Photo Contest Plugin for WordPress <= 10.4.4 - Cross-Site Request Forgery

Jun 12, 2019 Patched in 10.4.5 (1686d)
Code Analysis
Analyzed Mar 16, 2026

Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe Code Analysis

  • Dangerous Functions: 126
  • Raw SQL Queries: 635 (904 prepared)
  • Unescaped Output: 3480 (996 escaped)
  • Nonce Checks: 6
  • Capability Checks: 16
  • File Operations: 512
  • External Requests: 20
  • Bundled Libraries: 1

Dangerous Functions Found

unserialize · $MultipleFiles = unserialize($realIdRow->MultipleFiles); · ajax\ajax-functions-backend.php:114
unserialize · $MultipleFiles = unserialize($realIdRow->MultipleFiles); · ajax\ajax-functions-backend.php:215
unserialize · $MultipleFiles = unserialize($realIdRow->MultipleFiles); · ajax\ajax-functions-backend.php:229
unserialize · $form->Field_Content = unserialize($form->Field_Content); · ajax\ajax-functions-backend.php:312
unserialize · $WpUploadFilesPostMeta = unserialize($wpdb->get_var("SELECT WpUploadFilesPostMeta FROM $tablename_ec · functions\ecommerce\backend\gallery\cg-download-file-ecommerce-sale-folder.php:20
unserialize · $WpUploadFilesPosts = unserialize($wpdb->get_var("SELECT WpUploadFilesPosts FROM $tablename_ecommerc · functions\ecommerce\backend\gallery\cg-download-file-ecommerce-sale-folder.php:21
unserialize · $LogForDatabase = unserialize($saleOrder->LogForDatabase); · functions\ecommerce\backend\gallery\cg-ecommerce-export-orders.php:177
unserialize · $sqlObjectFileEcommerceEntry->WpUploadFilesForSale = unserialize($sqlObjectFileEcommerceEntry->WpUpl · functions\ecommerce\backend\gallery\cg-ecommerce-sell-activate.php:198
unserialize · $WpUploadFilesPosts = unserialize($sqlObjectFileEcommerceEntry->WpUploadFilesPosts); · functions\ecommerce\backend\gallery\cg-move-file-ecommerce-sell-folder.php:28
unserialize · $WpUploadFilesPostMeta = unserialize($sqlObjectFileEcommerceEntry->WpUploadFilesPostMeta); · functions\ecommerce\backend\gallery\cg-move-file-ecommerce-sell-folder.php:40
unserialize · foreach (unserialize($sqlObjectFileEcommerceEntry->WpUploadFilesPosts) as $WpUploadFilesPostId => $W · functions\ecommerce\backend\gallery\cg-move-file-ecommerce-sell-folder.php:61
unserialize · $MultipleFiles = unserialize($sqlObjectFile->MultipleFiles); · functions\ecommerce\backend\gallery\cg-move-file-ecommerce-sell-folder.php:81
unserialize · $WpMetaAttachedFileMetasArray[$WpMetaAttachedFileMeta->post_id] = unserialize($WpMetaAttachedFileMet · functions\ecommerce\backend\gallery\cg-move-file-ecommerce-sell-folder.php:153
unserialize · $WpUploadFilesPostMeta[$WpUploadId]['_wp_attachment_metadata'] = unserialize($WpMetaAttachedFileMeta · functions\ecommerce\backend\gallery\cg-move-file-ecommerce-sell-folder.php:182
unserialize · $WpUploadFilesPosts = unserialize($ecommerceFile->WpUploadFilesPosts); · functions\ecommerce\backend\gallery\cg-move-file-from-ecommerce-sell-folder.php:47
unserialize · $WpUploadFilesPostMeta = unserialize($ecommerceFile->WpUploadFilesPostMeta); · functions\ecommerce\backend\gallery\cg-move-file-from-ecommerce-sell-folder.php:48
unserialize · $WpUploadFilesForSale = unserialize($ecommerceEntry->WpUploadFilesForSale); · functions\ecommerce\backend\gallery\cg-replace-ecommerce-file.php:14
unserialize · $ecommerceFilesData[$ecommerceFilesRow->pid]['WpUploadFilesPosts'] = !empty($ecommerceFilesData[$eco · functions\ecommerce\general\cg-ecommerce-functions.php:256
unserialize · $ecommerceFilesData[$ecommerceFilesRow->pid]['WpUploadFilesPostMeta'] = !empty($ecommerceFilesData[$ · functions\ecommerce\general\cg-ecommerce-functions.php:257
unserialize · $ecommerceFilesData[$ecommerceFilesRow->pid]['WpUploadFilesForSale'] = !empty($ecommerceFilesData[$e · functions\ecommerce\general\cg-ecommerce-functions.php:258
unserialize · $ecommerceFilesData[$ecommerceFilesRow->pid]['WatermarkSettings'] = !empty($ecommerceFilesData[$ecom · functions\ecommerce\general\cg-ecommerce-functions.php:259
unserialize · if(!empty($rowObject->Exif)){$queryDataArray[$rowObject->id]['Exif'] = unserialize($rowObject->Exif) · functions\ecommerce\general\cg-ecommerce-functions.php:296
unserialize · if(!empty($rowObject->MultipleFiles) && $rowObject->MultipleFiles!='""'){$queryDataArray[$rowObject- · functions\ecommerce\general\cg-ecommerce-functions.php:297
unserialize · $entryData['MultipleFiles'] = unserialize($entryData['MultipleFiles']); · functions\ecommerce\general\cg-ecommerce-functions.php:344
unserialize · $RawData[$pid]['MultipleFiles'] = unserialize($RawData[$pid]['MultipleFiles']); · functions\ecommerce\general\cg-ecommerce-functions.php:384
unserialize · $LogForDatabase = unserialize($order->LogForDatabase); · functions\ecommerce\general\cg-ecommerce-payment-processing-create-invoice.php:17
unserialize · $InvoiceNote = unserialize($selectSQLecommerceInvoiceOptions->InvoiceNote); · functions\ecommerce\general\cg-ecommerce-payment-processing-create-invoice.php:297
unserialize · $LogForDatabase = unserialize($Order->LogForDatabase); · functions\ecommerce\general\cg-ecommerce-payment-processing-functions.php:76
unserialize · $LogForDatabase['purchase_units'][0]['items'][$key]['WpUploadFilesForSale'] = unserialize($OrderItem · functions\ecommerce\general\cg-ecommerce-payment-processing-functions.php:240
unserialize · $InvoiceNumberLogic = unserialize($InvoiceNumberLogic); · functions\ecommerce\general\cg-paypal-get-invoice-number-logic-result.php:106
unserialize · $exifDataArray = unserialize($rowObject->Exif); · functions\general\cg-create-json-files-when-activating.php:308
unserialize · $MultipleFilesArray = unserialize($rowObject->MultipleFiles); · functions\general\cg-delete-images-of-deleted-wp-uploads.php:51
unserialize · $MultipleFilesArray = unserialize($imageData->MultipleFiles); · functions\general\cg-delete-images.php:205
unserialize · $row->Field_Content = unserialize($row->Field_Content); · functions\general\json-data\cg-json-single-view-order.php:28
unserialize · $Field_Content = unserialize($input->Field_Content); · functions\general\json-data\cg-json-upload-form-info-data-files-new.php:50
unserialize · $row->Field_Content = unserialize($row->Field_Content); · functions\general\json-data\cg-json-upload-form-info-data-files.php:72
unserialize · $fieldContent = unserialize($object->Field_Content); · functions\general\json-data\cg-json-upload-form.php:44
unserialize · $EditProfileGroups = (!empty($registryAndLoginOptions->EditProfileGroups)) ? unserialize($registryAn · functions\general\registry\cg-registry-functions.php:267
unserialize · $fieldContent = unserialize($imageInputFieldContent); · functions\general\sanitize\cg-sanitize-files.php:58
unserialize · $WpUploadFilesForSale = unserialize($ecommerceEntry->WpUploadFilesForSale); · index.php:930
unserialize · $WpUploadFilesPostMeta = unserialize($wpdb->get_var("SELECT WpUploadFilesPostMeta FROM $tablename_ec · templates\landing.php:209
unserialize · $Field_Content = unserialize($field->Field_Content); · v10\v10-admin\copy-gallery-images.php:339
unserialize · $fieldContent = unserialize($value1); · v10\v10-admin\copy-gallery-options-and-translations.php:284
unserialize · $LogForDatabase = unserialize($Order->LogForDatabase); · v10\v10-admin\ecommerce\show-order.php:34
unserialize · $RawDataWhenBuyed[$OrderItem->pid] = unserialize($OrderItem->RawData); · v10\v10-admin\ecommerce\show-order.php:79
unserialize · $LogForDatabase['purchase_units'][0]['items'][$key]['WpUploadFilesForSale'] = unserialize($OrderItem · v10\v10-admin\ecommerce\show-order.php:122
unserialize · $LogForDatabase = unserialize($saleOrder->LogForDatabase); · v10\v10-admin\ecommerce\show-orders.php:241
unserialize · $selectContentField = unserialize($value->Field_Content); · v10\v10-admin\export\export-images-data.php:125
unserialize · $selectContentField = unserialize($value->Field_Content); · v10\v10-admin\export\export-images-data.php:133
unserialize · $ExifData = unserialize($value->Exif); · v10\v10-admin\export\export-images-data.php:662
unserialize · $fieldContent = unserialize($field->Field_Content); · v10\v10-admin\gallery\change-gallery\0_change-gallery.php:78
unserialize · if(!empty($ecommerceEntry) && !empty($ecommerceEntry->WpUploadFilesForSale) && in_array(absint($_POS · v10\v10-admin\gallery\change-gallery\0_change-gallery.php:564
unserialize · $MultipleFiles = unserialize($rowObject->MultipleFiles); · v10\v10-admin\gallery\delete-pics.php:80
unserialize · $WatermarkSettings = (!empty($value->EcommerceEntry) && !empty($allEcommerceFilesByIdArray[$id]['Wat · v10\v10-admin\gallery\gallery.php:248
unserialize · $WpUploadFilesForSale = (!empty($value->EcommerceEntry) && !empty($allEcommerceFilesByIdArray[$id][' · v10\v10-admin\gallery\gallery.php:249
unserialize · $WpUploadFilesForSaleArray = (!empty($value->EcommerceEntry) && !empty($allEcommerceFilesByIdArray[$ · v10\v10-admin\gallery\gallery.php:250
unserialize · $exifData = unserialize($exifData); · v10\v10-admin\gallery\gallery.php:333
unserialize · $MultipleFilesUnserialized = unserialize($value->MultipleFiles); · v10\v10-admin\gallery\gallery.php:353
unserialize · $WpUploadFilesPostMeta = unserialize($WpUploadFilesPostMeta); · v10\v10-admin\gallery\gallery.php:813
unserialize · $upload_form_inputs[$key]->Field_Content = unserialize($upload_input->Field_Content); · v10\v10-admin\gallery\get-data.php:124
unserialize · $MultipleFilesUnserialized = unserialize($imageRow->MultipleFiles); · v10\v10-admin\gallery\get-data.php:461
unserialize · $selectContentField = unserialize($value->Field_Content); · v10\v10-admin\gallery\get-data.php:669
unserialize · $MultipleFilesUnserialized = unserialize($value->MultipleFiles); · v10\v10-admin\gallery\header-1.php:146
unserialize · $selectFormInputRowFieldContentUnserialized = unserialize($selectFormInputRow->Field_Content); · v10\v10-admin\gallery\header-2.php:382
unserialize · $selectFormInputRowFieldContentUnserialized = unserialize($selectFormInputRow->Field_Content); · v10\v10-admin\gallery\header-2.php:395
unserialize · $selectFormInputRowFieldContentUnserialized = unserialize($selectFormInputRow->Field_Content); · v10\v10-admin\gallery\header-2.php:408
unserialize · $selectFormInputRowFieldContentUnserialized = unserialize($selectFormInputRow->Field_Content); · v10\v10-admin\gallery\header-2.php:421
unserialize · $selectFormInputRowFieldContentUnserialized = unserialize($selectFormInputRow->Field_Content); · v10\v10-admin\gallery\header-2.php:434
unserialize · $selectFormInputRowFieldContentUnserialized = unserialize($selectFormInputRow->Field_Content); · v10\v10-admin\gallery\header-2.php:449
unserialize · $MultipleFilesUnserialized = unserialize($imageData->MultipleFiles); · v10\v10-admin\gallery\show-comments.php:299
unserialize · $MultipleFilesUnserialized = unserialize($galleryFile->MultipleFiles); · v10\v10-admin\gallery\sort-gallery-files.php:70
unserialize · $postMetaImageFileUnserialized = unserialize($postMetaImageFile->meta_value); · v10\v10-admin\gallery\sort-gallery-files.php:129
unserialize · $AllowedCountries = (!empty($selectSQLecommerceOptions->AllowedCountries)) ? unserialize($selectSQLe · v10\v10-admin\options\edit-options.php:166
unserialize · $AllowedCountriesTranslations = (!empty($selectSQLecommerceOptions->AllowedCountriesTranslations)) ? · v10\v10-admin\options\edit-options.php:167
unserialize · $InvoiceNote = unserialize($selectSQLecommerceInvoiceOptions->InvoiceNote); · v10\v10-admin\options\edit-options.php:200
unserialize · $EditProfileGroups = (!empty($registryAndLoginOptions->EditProfileGroups)) ? unserialize($registryAn · v10\v10-admin\options\edit-options.php:848
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-check-agreement-left.php:49
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-check-left.php:94
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-date-left.php:69
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-email-left.php:48
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-google-captcha-left.php:49
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-html-left.php:45
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-htmlf-left.php:34
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-image-left.php:39
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-input-left.php:128
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-radio-left.php:94
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-select-categories-left.php:106
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-select-left.php:94
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-simple-captcha-left.php:48
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-textarea-left.php:129
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-left\upload-url-left.php:60
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-check-agreement-right.php:12
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-check-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-date-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-email-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-google-captcha-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-html-right.php:12
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-image-right.php:3
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-input-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-radio-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-select-categories-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-select-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-simple-captcha-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-textarea-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-fields-right\upload-url-right.php:11
unserialize · $fieldContent = unserialize($value->Field_Content); · v10\v10-admin\upload\upload-left-side.php:219
unserialize · $MultipleFilesUnserialized = unserialize($imageData->MultipleFiles); · v10\v10-admin\votes\show-votes.php:146
unserialize · $EcommerceFilesDataEachGallery[$GalleryID][$ecommerceFileSQL->pid]['WpUploadFilesPosts'] = unseriali · v10\v10-frontend\ecommerce\ecommerce-get-raw-data-from-galleries.php:74
unserialize · $EcommerceFilesDataEachGallery[$GalleryID][$ecommerceFileSQL->pid]['WpUploadFilesPostMeta'] = unseri · v10\v10-frontend\ecommerce\ecommerce-get-raw-data-from-galleries.php:75
unserialize · $EcommerceFilesDataEachGallery[$GalleryID][$ecommerceFileSQL->pid]['WpUploadFilesForSale'] = unseria · v10\v10-frontend\ecommerce\ecommerce-get-raw-data-from-galleries.php:76
unserialize · $EcommerceFilesDataEachGallery[$GalleryID][$ecommerceFileSQL->pid]['WatermarkSettings'] = unserializ · v10\v10-frontend\ecommerce\ecommerce-get-raw-data-from-galleries.php:77
unserialize · $LogForDatabase = unserialize($Order->LogForDatabase); · v10\v10-frontend\ecommerce\ecommerce-show-order-frontend.php:92
unserialize · $RawDataWhenBuyed[$OrderItem->pid] = unserialize($OrderItem->RawData); · v10\v10-frontend\ecommerce\ecommerce-show-order-frontend.php:131
unserialize · $LogForDatabase['purchase_units'][0]['items'][$key]['WpUploadFilesForSale'] = unserialize($OrderItem · v10\v10-frontend\ecommerce\ecommerce-show-order-frontend.php:181
unserialize · $MultipleFilesToDelete = [$pictureID => unserialize($MultipleFilesFromUserFrontendDelete)]; · v10\v10-frontend\gallery\gallery-user-delete-image.php:115
unserialize · $fieldContent = unserialize($field->Field_Content); · v10\v10-frontend\gallery\gallery-user-edit-image-data.php:137
unserialize · $queryDataArray[$rowObject->id]['Exif'] = unserialize($rowObject->Exif); · v10\v10-frontend\load-data-ajax.php:292
unserialize · $queryDataArray[$rowObject->id]['MultipleFiles'] = unserialize($rowObject->MultipleFiles); · v10\v10-frontend\load-data-ajax.php:298
unserialize · $ecommerceOptions['AllowedCountries'] = unserialize($ecommerceOptions['AllowedCountries']); · v10\v10-frontend\load-data-ajax.php:384
unserialize · $ecommerceOptions['AllowedCountriesTranslations'] = unserialize($ecommerceOptions['AllowedCountriesT · v10\v10-frontend\load-data-ajax.php:387
unserialize · $queryDataArray[$rowObject->id]['MultipleFiles'] = unserialize($rowObject->MultipleFiles); · v10\v10-frontend\load-data-ajax.php:913
unserialize · $selectContentField = unserialize($value->Field_Content); · v10\v10-frontend\user_upload\mail_admin.php:100
unserialize · $selectContentField = unserialize($value->Field_Content); · v10\v10-frontend\user_upload\mail_user_upload.php:97
unserialize · $Field_Content_User_File_Field =unserialize($wpdb->get_var( "SELECT Field_Content FROM $tablename_fo · v10\v10-frontend\user_upload\mail_user_upload.php:284
unserialize · $row->Field_Content = unserialize($row->Field_Content); · v10\v10-frontend\user_upload\users-upload-check.php:301
unserialize · $AdditionalFilesArray = unserialize($wpdb->get_var( "SELECT MultipleFiles FROM $tablename1 WHERE id · v10\v10-frontend\user_upload\users-upload-check.php:1700

Bundled Libraries

TinyMCE

SQL Query Safety

59% prepared · 1539 total queries

Output Escaping

22% escaped · 4476 total outputs
Data Flows
74 unsanitized

Data Flow Analysis

25 flows · 74 with unsanitized paths
post_cg_move_to_another_gallery (ajax\ajax-functions-backend.php:343)
Attack Surface
79 unprotected

Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe Attack Surface

Entry Points: 98
Unprotected: 79

AJAX Handlers 80

auth wp_ajax_post_cg_get_current_permalinks ajax\ajax-functions-backend.php:3
auth wp_ajax_post_cg_create_pdf_preview_backend ajax\ajax-functions-backend.php:56
auth wp_ajax_post_cg_move_to_another_gallery_get_inputs ajax\ajax-functions-backend.php:295
auth wp_ajax_post_cg_move_to_another_gallery ajax\ajax-functions-backend.php:341
auth wp_ajax_post_cg_gallery_view_control_backend ajax\ajax-functions-backend.php:510
auth wp_ajax_post_cg_gallery_save_categories_changes ajax\ajax-functions-backend.php:587
auth wp_ajax_post_cg_change_invoice ajax\ajax-functions-backend.php:620
auth wp_ajax_post_cg_twitter_get ajax\ajax-functions-backend.php:660
auth wp_ajax_post_cg_social_platform_input ajax\ajax-functions-backend.php:732
auth wp_ajax_post_cg_social_platforms_query ajax\ajax-functions-backend.php:846
auth wp_ajax_post_cg_social_platforms_add_to_gallery ajax\ajax-functions-backend.php:889
auth wp_ajax_post_cg_youtube_delete_from_library ajax\ajax-functions-backend.php:934
auth wp_ajax_post_cg_gallery_sort_files ajax\ajax-functions-backend.php:990
auth wp_ajax_post_cg_attach_to_another_user_select ajax\ajax-functions-backend.php:1032
auth wp_ajax_post_cg_attach_to_another_user ajax\ajax-functions-backend.php:1071
auth wp_ajax_post_cg_test_ecom_keys ajax\ajax-functions-backend.php:1126
auth wp_ajax_post_cg_test_stripe_keys ajax\ajax-functions-backend.php:1176
auth wp_ajax_post_cg_shortcode_interval_conf ajax\ajax-functions-backend.php:1225
auth wp_ajax_post_cg_show_paypal_api_response ajax\ajax-functions-backend.php:1272
auth wp_ajax_post_cg_set_for_paypal_sell ajax\ajax-functions-backend.php:1312
auth wp_ajax_post_cg_download_original_source_for_ecommerce_sale ajax\ajax-functions-backend.php:1361
auth wp_ajax_post_cg_deactivate_ecommerce_sale ajax\ajax-functions-backend.php:1406
auth wp_ajax_post_cg_paypal_invoicing ajax\ajax-functions-backend.php:1451
auth wp_ajax_post_cg_check_nickname_edit_profile ajax\ajax-functions-backend.php:1497
auth wp_ajax_post_cg_backend_image_upload ajax\ajax-functions-backend.php:1547
auth wp_ajax_post_cg_get_current_nonce ajax\ajax-functions-backend.php:1596
auth wp_ajax_post_cg_get_wp_user_meta ajax\ajax-functions-backend.php:1609
auth wp_ajax_post_cg1l_delete_unconfirmed_mail ajax\ajax-functions-backend.php:1635
auth wp_ajax_post_cg_list_unconfirmed_mails ajax\ajax-functions-backend.php:1643
auth wp_ajax_post_cg1l_get_management_show_users ajax\ajax-functions-backend.php:1708
auth wp_ajax_post_cg1l_get_unconfirmed_users ajax\ajax-functions-backend.php:1731
nopriv wp_ajax_post_cg_galleries_show_cg_gallery ajax\ajax-functions-frontend.php:4
auth wp_ajax_post_cg_galleries_show_cg_gallery ajax\ajax-functions-frontend.php:5
nopriv wp_ajax_post_cg_check_if_online ajax\ajax-functions-frontend.php:63
auth wp_ajax_post_cg_check_if_online ajax\ajax-functions-frontend.php:64
nopriv wp_ajax_post_cg_load_v10 ajax\ajax-functions-frontend.php:77
auth wp_ajax_post_cg_load_v10 ajax\ajax-functions-frontend.php:78
nopriv wp_ajax_post_cg_set_frontend_cookie ajax\ajax-functions-frontend.php:96
auth wp_ajax_post_cg_set_frontend_cookie ajax\ajax-functions-frontend.php:97
nopriv wp_ajax_post_cg_rate_v10_oneStar ajax\ajax-functions-frontend.php:132
auth wp_ajax_post_cg_rate_v10_oneStar ajax\ajax-functions-frontend.php:133
nopriv wp_ajax_post_cg_rate_v10_fiveStar ajax\ajax-functions-frontend.php:154
auth wp_ajax_post_cg_rate_v10_fiveStar ajax\ajax-functions-frontend.php:155
nopriv wp_ajax_post_cg1l_current_frontend_nonce ajax\ajax-functions-frontend.php:179
auth wp_ajax_post_cg1l_current_frontend_nonce ajax\ajax-functions-frontend.php:180
nopriv wp_ajax_post_cg1l_login_user_by_key ajax\ajax-functions-frontend.php:204
nopriv wp_ajax_post_cg_gallery_form_upload ajax\ajax-functions-frontend.php:265
auth wp_ajax_post_cg_gallery_form_upload ajax\ajax-functions-frontend.php:266
nopriv wp_ajax_post_cg_gallery_user_delete_image ajax\ajax-functions-frontend.php:292
auth wp_ajax_post_cg_gallery_user_delete_image ajax\ajax-functions-frontend.php:293
nopriv wp_ajax_post_cg_gallery_user_edit_image_data ajax\ajax-functions-frontend.php:322
auth wp_ajax_post_cg_gallery_user_edit_image_data ajax\ajax-functions-frontend.php:323
nopriv wp_ajax_post_cg_changes_recognized ajax\ajax-functions-frontend.php:352
auth wp_ajax_post_cg_changes_recognized ajax\ajax-functions-frontend.php:353
nopriv wp_ajax_cg_show_set_comments_v10 ajax\ajax-functions-frontend.php:409
auth wp_ajax_cg_show_set_comments_v10 ajax\ajax-functions-frontend.php:410
nopriv wp_ajax_post_cg_login ajax\ajax-functions-frontend.php:438
nopriv wp_ajax_post_cg1l_resend_unconfirmed_mail_frontend ajax\ajax-functions-frontend.php:461
nopriv wp_ajax_post_cg1l_verify_pin ajax\ajax-functions-frontend.php:506
nopriv wp_ajax_post_cg1l_resend_pin ajax\ajax-functions-frontend.php:534
nopriv wp_ajax_post_cg_pro_version_info_recognized ajax\ajax-functions-frontend.php:560
auth wp_ajax_post_cg_pro_version_info_recognized ajax\ajax-functions-frontend.php:561
nopriv wp_ajax_post_cg_ecommerce_checkout ajax\ajax-functions-frontend.php:587
auth wp_ajax_post_cg_ecommerce_checkout ajax\ajax-functions-frontend.php:588
nopriv wp_ajax_post_cg_ecommerce_payment_processing ajax\ajax-functions-frontend.php:608
auth wp_ajax_post_cg_ecommerce_payment_processing ajax\ajax-functions-frontend.php:609
nopriv wp_ajax_post_cg_get_raw_data_from_galleries ajax\ajax-functions-frontend.php:631
auth wp_ajax_post_cg_get_raw_data_from_galleries ajax\ajax-functions-frontend.php:632
nopriv wp_ajax_post_cg_get_stripe_payment_intent ajax\ajax-functions-frontend.php:648
auth wp_ajax_post_cg_get_stripe_payment_intent ajax\ajax-functions-frontend.php:649
auth wp_ajax_post_cg_ecommerce_download_keys_file ajax\ajax-functions-frontend.php:666
auth wp_ajax_post_cg_add_openai_image functions\backend\ajax\openai\post-cg-add-openai-image.php:4
auth wp_ajax_post_cg_check_openai_key functions\backend\ajax\openai\post-cg-check-openai-key.php:4
auth wp_ajax_post_cg_edit_openai_image functions\backend\ajax\openai\post-cg-edit-openai-image.php:4
auth wp_ajax_post_cg_generate_openai_image functions\backend\ajax\openai\post-cg-generate-openai-image.php:5
auth wp_ajax_post_cg_get_openai_prompts functions\backend\ajax\openai\post-cg-get-openai-prompts.php:4
auth wp_ajax_post_contest_gallery_action_ajax index.php:475
auth wp_ajax_cg_check_wp_admin_upload_v10 v10\include-functions-v10.php:42
nopriv wp_ajax_post_cg_registry v10\include-functions-v10.php:78
auth wp_ajax_post_cg_registry v10\include-functions-v10.php:79

Shortcodes 18

[cg_gallery] index.php:264
[cg_gallery_user] index.php:266
[cg_gallery_no_voting] index.php:268
[cg_gallery_winner] index.php:270
[cg_gallery_ecommerce] index.php:272
[cg_galleries] index.php:274
[cg_galleries_user] index.php:275
[cg_galleries_no_voting] index.php:276
[cg_galleries_winner] index.php:277
[cg_galleries_ecommerce] index.php:278
[cg_users_upload] index.php:280
[cg_users_contact] index.php:282
[cg_mail_confirm] index.php:284
[cg_users_pin] index.php:289
[cg_users_reg] index.php:291
[cg_users_login] index.php:293
[cg_entry_on_off] index.php:295
[cg_order_summary] index.php:297

WordPress Hooks 99

filter wp_default_editor functions\backend\render\cg-shortcode-interval-configuration-container.php:13
action wp_mail_failed functions\ecommerce\general\cg-ecommerce-payment-processing-functions.php:196
action cg_is_alternative_file_type functions\general\cg-check-file-types.php:3
action cg_is_alternative_file_type_file functions\general\cg-check-file-types.php:18
action cg_is_alternative_file_type_video functions\general\cg-check-file-types.php:33
action cg_is_alternative_file_type_audio functions\general\cg-check-file-types.php:44
action cg_is_is_image functions\general\cg-check-file-types.php:57
action cg_copy_fb_sites functions\general\cg-copy-fb-sites.php:2
action cg_copy_pre7_gallery_images functions\general\cg-copy-pre7-gallery-images.php:2
action cg_create_exif_data_and_add_to_database functions\general\cg-create-exif-data.php:2
action cg_create_exif_data functions\general\cg-create-exif-data.php:32
action cg_create_fb_html functions\general\cg-create-fb-html.php:2
action cg_create_fb_sites functions\general\cg-create-fb-sites.php:2
action cg_deactivate_images functions\general\cg-deactivate-images.php:3
action cg_delete_images_of_deleted_wp_uploads functions\general\cg-delete-images-of-deleted-wp-uploads.php:2
action cg_delete_images functions\general\cg-delete-images.php:3
action cg_edit_images functions\general\cg-edit-image.php:3
action cg_get_user_ip_type functions\general\cg-get-user-ip-type.php:2
action cg_get_user_ip functions\general\cg-get-user-ip.php:64
action cg_plugin_mce_css_to_add functions\general\cg-plugin-mce-css-to-add.php:2
action delete_user functions\general\cg-pre-delete-wp-user.php:2
action wp_mail_failed functions\general\cg-user-functions.php:222
action wp_mail_failed functions\general\cg-user-functions.php:299
action cg_actualize_all_images_data_deleted_images functions\general\json-data\cg-actualize-all-images-data-deleted-images.php:3
action cg_actualize_all_images_data_sort_values_file_set_array functions\general\json-data\cg-actualize-all-images-data-sort-values-file-set-array.php:3
action cg_check_and_repair_image_file_data functions\general\json-data\cg-check-and-repair-image-data-file.php:3
action cg_json_single_view_order functions\general\json-data\cg-json-single-view-order.php:3
action cg_json_upload_form_info_data_files_new functions\general\json-data\cg-json-upload-form-info-data-files-new.php:3
action cg_json_upload_form_info_data_files functions\general\json-data\cg-json-upload-form-info-data-files.php:3
action cg_json_upload_form functions\general\json-data\cg-json-upload-form.php:3
action wp_mail_failed functions\general\mail\cg-user-comment-mail.php:45
action wp_mail_failed functions\general\mail\cg-user-vote-mail.php:45
action cg_update_to_pro_one_star functions\general\normal\cg-update-to-pro.php:3
action cg_update_to_pro_five_stars functions\general\normal\cg-update-to-pro.php:24
action cg_registry_add_profile_image functions\general\registry\cg-registry-add-profile-image.php:3
action cg_check_if_new_registry_logic_explanation_note_required functions\general\registry\cg-registry-functions.php:3
filter logout_url functions\general\registry\cg-registry-functions.php:22
action wp_logout functions\general\registry\cg-registry-functions.php:37
action wp_before_admin_bar_render functions\general\registry\cg-registry-functions.php:52
action wp_before_admin_bar_render functions\general\registry\cg-registry-functions.php:94
action wp_enqueue_scripts functions\general\registry\cg-registry-functions.php:223
action admin_bar_menu functions\general\registry\cg-registry-functions.php:239
action personal_options_update functions\general\registry\cg-registry-functions.php:282
action user_profile_update_errors functions\general\registry\cg-registry-functions.php:332
action show_user_profile functions\general\registry\cg-registry-functions.php:391
action edit_user_profile functions\general\registry\cg-registry-functions.php:392
action cg_create_general_registration_form_v14 functions\general\registry\create\cg-registry-create-functions.php:15
action personal_options_update functions\general\registry\update\cg-registry-update-functions.php:3
action edit_user_profile_update functions\general\registry\update\cg-registry-update-functions.php:4
action cg_copy_comments functions\general\sql\cg-copy-comments.php:2
action cg_copy_rating functions\general\sql\cg-copy-rating.php:3
action cg_remove_not_required_coded_csvs index-functions.php:133
filter parse_query index.php:39
action init index.php:149
action init index.php:153
action init index.php:169
action init index.php:182
action init index.php:197
action init index.php:201
action init index.php:217
action init index.php:221
action init index.php:238
action plugins_loaded index.php:359
action admin_menu index.php:368
action admin_enqueue_scripts index.php:384
action admin_enqueue_scripts index.php:388
action cg_delete_files_and_folder index.php:445
filter template_include index.php:563
action upgrader_process_complete index.php:694
filter big_image_size_threshold index.php:781
action delete_post index.php:796
action template_redirect index.php:805
action template_redirect index.php:853
action template_redirect index.php:895
action template_redirect index.php:980
action template_redirect index.php:991
action init register_post_type.php:65
action init register_post_type.php:121
action init register_post_type.php:145
action init register_post_type.php:170
action init register_post_type.php:195
action init register_post_type.php:220
action admin_enqueue_scripts v10\include-conditions-v10.php:3
filter mce_css v10\include-conditions-v10.php:32
filter mce_css v10\include-conditions-v10.php:62
filter mce_css v10\include-conditions-v10.php:72
action admin_enqueue_scripts v10\include-functions-v10.php:36
action wp_mail_failed v10\v10-admin\gallery\change-gallery\7_inform.php:83
filter wp_default_editor v10\v10-admin\upload\create-upload.php:55
filter wp_default_editor v10\v10-admin\users\admin\registry\create-registry.php:43
action wp_mail_failed v10\v10-admin\users\frontend\login\ajax\users-login-check-ajax-lost-password.php:78
action wp_mail_failed v10\v10-frontend\data\comment\show-set-comments-v10.php:400
action wp_mail_failed v10\v10-frontend\user_upload\mail_admin.php:49
action contest_gal1ery_mail_admin v10\v10-frontend\user_upload\mail_admin.php:56
action wp_mail_failed v10\v10-frontend\user_upload\mail_confirm.php:81
action wp_mail_failed v10\v10-frontend\user_upload\mail_image_activation_function.php:87
action wp_mail_failed v10\v10-frontend\user_upload\mail_user_upload.php:48
action contest_gal1ery_mail_user_upload v10\v10-frontend\user_upload\mail_user_upload.php:55
action contest_gal1ery_mail_image_activation v10\v10-frontend\user_upload\users-upload-check.php:324

Maintenance & Trust

Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 1, 2026
PHP min version
Downloads: 385K

Community Trust

Rating: 88/100
Number of ratings: 86
Active installs: 1K

Developer Profile

Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe Developer Profile

Wasiliy Strecker / ContestGallery developer

1 plugin · 1K total installs

Trust score: 62
Avg Security Score: 76/100
Avg Patch Time: 172 days
Detection Fingerprints

How We Detect Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/contest-gallery/v10/v10-js/
/wp-content/plugins/contest-gallery/functions/general/mail/
/wp-content/plugins/contest-gallery/functions/general/option/
/wp-content/plugins/contest-gallery/functions/general/
/wp-content/plugins/contest-gallery/functions/frontend/
/wp-content/plugins/contest-gallery/functions/google/
/wp-content/plugins/contest-gallery/functions/general/registry/
/wp-content/plugins/contest-gallery/functions/general/registry/create/
+5 more

Version Parameters
contest-gallery/style.css?ver=
contest-gallery/v10/v10-js/v10-main.js?ver=

HTML / DOM Fingerprints

CSS Classes
cg_gallery
contest_gallery
cg_vote_buttons
cg_winner_entries

HTML Comments
<!-- This is a custom template for the contest galleries. If you would like to customize it, please copy this file and put it in your themes directory. -->
<!-- Add image and content for the contest gallery. -->
<!-- You can add more fields below. -->
<!-- Voting is now enabled! -->
+2 more

Data Attributes
data-cg-gallery-id
data-cg-entry-id
data-cg-vote-id
cg_vote_button_id

JS Globals
contest_gallery_data
cg_ajax_object
cg_vote_nonce
cg_gallery_id
cg_entry_id

REST Endpoints
/wp-json/contest-gallery/v1/vote/
/wp-json/contest-gallery/v1/submit/
/wp-json/contest-gallery/v1/comment/

Shortcode Output
[contest-gallery]
[contest-gallery-gallery-id id=""]
[contest-gallery-entries]
[contest-gallery-user-entries]

FAQ

Frequently Asked Questions about Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe