What this page helps you verify fast
This hub clusters every indexed record for Content Mask so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.
Review known vulnerability records for the WordPress plugin Content Mask (`content-mask`), including severity, CVE references, affected versions, and patch status.
Recent tracked CVEs on this page include CVE-2025-58012, CVE-2025-58011 and CVE-2022-1203, so operators can jump from disclosure to patch validation without scanning the full feed first.
This hub clusters every indexed record for Content Mask so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.
These recent records surface the CVE strings, patch cues, and direct report links most operators need first.
The Content Mask plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.5.3 due to missing validation on a user controlled key. This...
The Content Mask plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.5.2. This makes it possible for authenticated attackers, with Con...
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belon...
Sorted by latest disclosure date so newly published issues surface first.
The Content Mask plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.5.3 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to per...
The Content Mask plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.5.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating f...
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arb...