Headline
CVE-2022-25952: WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.
Verified
Fixed
4.3
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 5.4.0
PSID
82709e0872da
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-10-31
Details
Cross-Site Request Forgery (CSRF) vulnerability leading to Autoblogging Removal discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress Content Egg plugin (versions <= 5.4.0).
Solution
Update the WordPress Content Egg plugin to the latest available version (at least 5.5.0).
References