A vulnerability marked as critical has been reported in Contest Gallery Plugin up to 28.0.2 on WordPress. The affected element is the function
cg_check_wp_admin_upload_v10. The manipulation leads to missing authorization.
This vulnerability is referenced as CVE-2025-12849. Remote exploitation of the attack is possible. No exploit is available.
