2 matches found
CVE-2022-0428
CVE-2022-0428 affects the WordPress Content Egg plugin prior to 5.3.0. The root cause is failure to sanitize/escape the page parameter before output in an Autoblogging admin dashboard attribute, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Several advisories corroborate the issu...
CVE-2022-25952
CVE-2022-25952 describes a Cross‑Site Request Forgery (CSRF) in the WordPress plugin Keywordrush Content Egg / Content Egg up to version 5.4.0 . The flaw affects the plugin’s ability to verify CSRF tokens in certain actions, enabling an authenticated attacker to trick an admin into performing uni...