critical advisory

Contest Gallery WordPress Plugin Authentication Bypass Vulnerability (CVE-2026-4021)

CVE-2026-4021 is an authentication bypass in the Contest Gallery plugin for WordPress: an unauthenticated attacker can obtain administrator access by manipulating a user activation key and then logging in through an AJAX login-by-key endpoint.

The Contest Gallery plugin for WordPress, versions up to and including 28.1.5, is vulnerable to a critical authentication bypass (CVE-2026-4021). The flaw stems from how the users-registry-check-after-email-or-pin-confirmation.php script handles email confirmations, combined with an unauthenticated key-based login endpoint in ajax-functions-frontend.php. Exploitation requires the RegMailOptional=1 setting, which is not enabled by default; when it is enabled, an attacker can register a new user account with a specially…

Detection coverage (2)

Detect Contest Gallery Authentication Bypass Attempt via AJAX (severity: high)

Detects attempts to exploit CVE-2026-4021 by monitoring for suspicious POST requests to the WordPress AJAX endpoint (wp-admin/admin-ajax.php) carrying the 'post_cg1l_login_user_by_key' action.

Format: Sigma | Tactics: initial_access, privilege_escalation | Techniques: T1190 | Sources: webserver, linux
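The rule above is described in prose only, so here is a small offline detector that applies the same logic to web server access logs. This is an added example, not the platform's Sigma rule or any code from the Contest Gallery project; the log lines are constructed, in combined log format, and the endpoint path and action name are taken from the advisory. Note the blind spot shown by the last sample line: when the action parameter travels only in the POST body, an access log never records it, and you need WAF or request-body logging to see it.

```python
"""Offline detector for POST requests to wp-admin/admin-ajax.php that carry the
Contest Gallery 'post_cg1l_login_user_by_key' action (CVE-2026-4021).

Added example, not the vendor's detection content. SAMPLE_LOG is constructed
traffic in Apache/nginx combined log format, the 'webserver' source the rule targets.
"""
import re
from urllib.parse import parse_qs, urlsplit

AJAX_ENDPOINT = "/wp-admin/admin-ajax.php"          # WordPress AJAX handler
SUSPECT_ACTION = "post_cg1l_login_user_by_key"      # action named in the advisory

# Combined log format: ip ident user [time] "METHOD target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (not real traffic): one hit, one benign AJAX call,
# one GET variant, and one POST whose action is only in the (unlogged) body.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=post_cg1l_login_user_by_key HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 70 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2026:12:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=post_cg1l_login_user_by_key HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.4 - - [10/Mar/2026:12:00:04 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "curl/8.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # keep_blank_values so an empty 'action=' is still visible in the parsed query
    rec["query"] = parse_qs(parts.query, keep_blank_values=True)
    return rec


def is_bypass_attempt(rec, methods=("POST",)):
    """Rule logic: request to admin-ajax.php whose query string names the suspect action.

    The advisory's rule keys on POST; pass methods=("POST", "GET") to widen it,
    since admin-ajax.php reads the action from $_REQUEST and also serves GET.
    """
    if rec["method"] not in methods:
        return False
    if not rec["path"].endswith(AJAX_ENDPOINT):
        return False
    actions = [a.lower() for a in rec["query"].get("action", [])]
    return SUSPECT_ACTION in actions


def scan(log_text, methods=("POST",)):
    """Return one alert dict per matching line (ip, timestamp, HTTP status)."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_bypass_attempt(rec, methods):
            alerts.append({"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"]})
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"ALERT {a['ts']} {a['ip']} action={SUSPECT_ACTION} status={a['status']}")
```

On the constructed sample only the first line fires with the rule's POST-only logic; widening to GET also catches the third line. An HTTP 200 on admin-ajax.php says nothing about success, because WordPress returns 200 for most AJAX actions regardless of outcome, so correlate a hit with a subsequent authenticated session from the same client rather than relying on the status code.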

Detect User Registration with Crafted Email for Activation Key Overwrite (severity: medium)

Detects user registration attempts using crafted email addresses designed to overwrite the admin's activation key in the database via CVE-2026-4021.

Format: Sigma | Tactics: initial_access | Techniques: T1190 | Sources: webserver, linux


Indicators of compromise (1): email