Search criteria
4 vulnerabilities found for content_egg by keywordrush
CVE-2022-25952 (GCVE-0-2022-25952)
Vulnerability from nvd – Published: 2022-11-03 19:35 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Keywordrush | Content Egg (WordPress plugin) |
Affected:
<= 5.4.0 , ≤ <= 5.4.0
(custom)
|
Date Public
2022-10-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:36.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/content-egg/wordpress-content-egg-plugin-5-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/content-egg/#developers"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:21:51.284447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:56:26.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Egg (WordPress plugin)",
"vendor": "Keywordrush",
"versions": [
{
"lessThanOrEqual": "\u003c= 5.4.0",
"status": "affected",
"version": "\u003c= 5.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
}
],
"datePublic": "2022-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin \u003c= 5.4.0 on WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:39.608Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"url": "https://patchstack.com/database/vulnerability/content-egg/wordpress-content-egg-plugin-5-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"url": "https://wordpress.org/plugins/content-egg/#developers"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 5.5.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Content Egg plugin \u003c= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-25952",
"datePublished": "2022-11-03T19:35:04.736Z",
"dateReserved": "2022-06-30T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:39.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0428 (GCVE-0-2022-0428)
Vulnerability from nvd – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:25
VLAI
Title
Content Egg < 5.3.0 - Reflected Cross-Site Scripting
Summary
The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/071a2f69-9cd6-42… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Content Egg |
Affected:
5.3.0 , < 5.3.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Content Egg",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:37.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Content Egg \u003c 5.3.0 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0428",
"STATE": "PUBLIC",
"TITLE": "Content Egg \u003c 5.3.0 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Egg",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.3.0",
"version_value": "5.3.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0428",
"datePublished": "2022-05-02T16:05:37.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25952 (GCVE-0-2022-25952)
Vulnerability from cvelistv5 – Published: 2022-11-03 19:35 – Updated: 2026-04-28 16:07
VLAI
Title
WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Keywordrush | Content Egg (WordPress plugin) |
Affected:
<= 5.4.0 , ≤ <= 5.4.0
(custom)
|
Date Public
2022-10-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:36.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/content-egg/wordpress-content-egg-plugin-5-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/content-egg/#developers"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:21:51.284447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:56:26.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Content Egg (WordPress plugin)",
"vendor": "Keywordrush",
"versions": [
{
"lessThanOrEqual": "\u003c= 5.4.0",
"status": "affected",
"version": "\u003c= 5.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
}
],
"datePublic": "2022-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin \u003c= 5.4.0 on WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:39.608Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"url": "https://patchstack.com/database/vulnerability/content-egg/wordpress-content-egg-plugin-5-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"url": "https://wordpress.org/plugins/content-egg/#developers"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 5.5.0 or higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Content Egg plugin \u003c= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-25952",
"datePublished": "2022-11-03T19:35:04.736Z",
"dateReserved": "2022-06-30T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:39.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0428 (GCVE-0-2022-0428)
Vulnerability from cvelistv5 – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:25
VLAI
Title
Content Egg < 5.3.0 - Reflected Cross-Site Scripting
Summary
The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/071a2f69-9cd6-42… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Content Egg |
Affected:
5.3.0 , < 5.3.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Content Egg",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:37.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Content Egg \u003c 5.3.0 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0428",
"STATE": "PUBLIC",
"TITLE": "Content Egg \u003c 5.3.0 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Egg",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.3.0",
"version_value": "5.3.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0428",
"datePublished": "2022-05-02T16:05:37.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}