Vulnerabilities and security researches forcontent-mask content-mask

Jun 07, 2024

CVE, Research URL: CVE-2022-1203
Home page URL: Security reports for Content Mask
Application: Content Mask
Date: May 30, 2022
Research Description: The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options
Affected versions: max 1.8.4.1.
Status: vulnerable

Oct 12, 2025

CVE, Research URL: CVE-2025-58011
Home page URL: Security reports for Content Mask
Application: Content Mask
Date: Sep 23, 2025
Research Description: Server-Side Request Forgery (SSRF) vulnerability in Alex Content Mask content-mask allows Server Side Request Forgery.This issue affects Content Mask: from n/a through <= 1.8.5.2.
Affected versions: max 1.8.5.3.
Status: vulnerable

Apr 25, 2026

CVE, Research URL: CVE-2025-58012
Home page URL: Security reports for Content Mask
Application: Content Mask
Date: Sep 23, 2025
Research Description: Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask content-mask allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Content Mask: from n/a through <= 1.8.5.3.
Affected versions: max 1.8.5.2.
Status: vulnerable