CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Oct 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress. The Content Egg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke that functi... • https://patchstack.com/database/vulnerability/content-egg/wordpress-content-egg-plugin-5-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Apr 2022 — The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting. • https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')