Content Egg – Affiliate Product Importer & Price Comparison Security & Risk Analysis

wordpress.org/plugins/content-egg

Import affiliate products, compare prices, sync to WooCommerce, and auto-generate SEO content with AI — all in one toolkit.

10K active installs · v10.1.0 · PHP 7.4+ · WP 6.0+ · Updated Nov 25, 2025
Tags: affiliate-links, affiliate-marketing, ai-content-generation, csv-import, price-comparison
Score: 96 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jul 30, 2025
Safety Verdict

Is Content Egg – Affiliate Product Importer & Price Comparison Safe to Use in 2026?

Generally Safe

Score 96/100

Content Egg – Affiliate Product Importer & Price Comparison has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jul 30, 2025 · Updated 4mo ago
Risk Assessment

The "content-egg" v10.1.0 plugin exhibits a mixed security posture. While it demonstrates good practices in several areas, such as the high percentage of SQL queries using prepared statements and properly escaped outputs, significant concerns remain. The presence of 23 flows with unsanitized paths, including 17 high-severity taint flows, is a critical indicator of potential vulnerabilities. The reliance on "unserialize" is also a red flag, especially when combined with unsanitized inputs. The vulnerability history, though currently showing no unpatched CVEs, reveals a pattern of past issues including Deserialization of Untrusted Data, CSRF, and XSS. This suggests a recurring theme of input validation and sanitization weaknesses that, despite current patches, highlight areas that require continuous vigilance. The plugin's attack surface is relatively small and appears to be protected by authentication checks, which is a positive sign. However, the high number of unsanitized taint flows is the most pressing concern and overshadows the other positive indicators, necessitating careful attention to secure input handling.

Key Concerns

  • High severity unsanitized taint flows
  • High number of unsanitized paths
  • Use of unserialize function
  • Vulnerability history pattern (Deserialization, CSRF, XSS)
Vulnerabilities (3)

Content Egg – Affiliate Product Importer & Price Comparison Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-47536 · medium · 6.6 · Deserialization of Untrusted Data

Content Egg <= 7.0.0 - Authenticated (Editor+) PHP Object Injection

Jul 30, 2025 · Patched in 8.0.0 (6d)

CVE-2022-25952 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Content Egg <= 5.4.0 - Cross-Site Request Forgery

Oct 31, 2022 · Patched in 5.5.0 (449d)

CVE-2022-0428 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Content Egg <= 5.3.0 - Reflected Cross-Site Scripting

Apr 6, 2022 · Patched in 5.3.0 (657d)

Code Analysis
Analyzed Mar 16, 2026

Content Egg – Affiliate Product Importer & Price Comparison Code Analysis

  • Dangerous Functions: 24
  • Raw SQL Queries: 17 (255 prepared)
  • Unescaped Output: 224 (2169 escaped)
  • Nonce Checks: 14
  • Capability Checks: 21
  • File Operations: 39
  • External Requests: 7
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · $item[$key] = unserialize($item[$key]); · application\admin\AutoblogController.php:210
unserialize · $item['keywords'] = unserialize($item['keywords']); · application\admin\AutoblogController.php:230
unserialize · $item['include_modules'] = unserialize($item['include_modules']); · application\admin\AutoblogController.php:231
unserialize · $item['exclude_modules'] = unserialize($item['exclude_modules']); · application\admin\AutoblogController.php:232
unserialize · $item['required_modules'] = unserialize($item['required_modules']); · application\admin\AutoblogController.php:233
unserialize · $item['autoupdate_modules'] = unserialize($item['autoupdate_modules']); · application\admin\AutoblogController.php:234
unserialize · $item['custom_field_names'] = unserialize($item['custom_field_names']); · application\admin\AutoblogController.php:235
unserialize · $item['custom_field_values'] = unserialize($item['custom_field_values']); · application\admin\AutoblogController.php:236
unserialize · $item['config'] = unserialize($item['config']); · application\admin\AutoblogController.php:237
unserialize · $item['keywords'] = unserialize($item['keywords']); · application\admin\AutoblogTable.php:71
unserialize · if (!$data = unserialize($result['meta_value'])) · application\admin\ToolsController.php:153
unserialize · $data = @unserialize($meta->meta_value); · application\components\LinkIndexBackfiller.php:144
unserialize · $autoblog['include_modules'] = unserialize($autoblog['include_modules']); · application\models\AutoblogModel.php:133
unserialize · $autoblog['exclude_modules'] = unserialize($autoblog['exclude_modules']); · application\models\AutoblogModel.php:134
unserialize · $autoblog['required_modules'] = unserialize($autoblog['required_modules']); · application\models\AutoblogModel.php:135
unserialize · $autoblog['keywords'] = unserialize($autoblog['keywords']); · application\models\AutoblogModel.php:136
unserialize · $autoblog['autoupdate_modules'] = unserialize($autoblog['autoupdate_modules']); · application\models\AutoblogModel.php:137
unserialize · $autoblog['custom_field_names'] = unserialize($autoblog['custom_field_names']); · application\models\AutoblogModel.php:138
unserialize · $autoblog['custom_field_values'] = unserialize($autoblog['custom_field_values']); · application\models\AutoblogModel.php:139
unserialize · $autoblog['config'] = unserialize($autoblog['config']); · application\models\AutoblogModel.php:140
unserialize · $cf_value = @unserialize($cf_value); · application\models\AutoblogModel.php:415
unserialize · if (!$data = @unserialize($meta->meta_value)) · application\models\ProductModel.php:147
unserialize · if (!$r = unserialize($product['product'])) · application\modules\Feed\FeedModule.php:307
unserialize · if (!$pdata = unserialize($product['product'])) · application\modules\Feed\FeedModule.php:359

SQL Query Safety

94% prepared · 272 total queries

Output Escaping

91% escaped · 2393 total outputs

Data Flows (23 unsanitized)

Data Flow Analysis

25 flows · 23 with unsanitized paths
displayNotice (application\admin\AdminNotice.php:96)
Attack Surface

Content Egg – Affiliate Product Importer & Price Comparison Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers (3)

auth · wp_ajax_cegg_import_enqueue · application\admin\import\ImportQueueApi.php:27
nopriv · wp_ajax_ce_proxy_image · application\ImageProxy.php:41
auth · wp_ajax_ce_proxy_image · application\ImageProxy.php:42

WordPress Hooks (22)

filter · cron_schedules · application\admin\import\AutoImportScheduler.php:34
action · admin_post_cegg_save_preset · application\admin\import\PresetForm.php:26
action · deleted_post · application\admin\import\PresetRepository.php:45
filter · cron_schedules · application\admin\import\ProductImportScheduler.php:53
action · admin_menu · application\admin\ProductImportController.php:33
action · before_delete_post · application\admin\ProductMapMaintenance.php:21
action · wp_trash_post · application\admin\ProductMapMaintenance.php:22
filter · posts_where · application\admin\ProductPrefillController.php:427
action · admin_menu · application\admin\ProUpsellLinks.php:22
filter · the_content · application\AffiliateDisclaimer.php:26
action · enqueue_block_editor_assets · application\blocks\productblock\ProductBlock.php:24
action · content_egg_save_data · application\components\LinkIndexIndexer.php:24
action · deleted_post · application\components\LinkIndexIndexer.php:27
action · woocommerce_before_single_product · application\GalleryScheduler.php:26
action · process_pending_gallery_images · application\GalleryScheduler.php:27
action · wp_footer · application\helpers\TemplateHelper.php:3703
action · cegg_link_index_backfill_once · application\LinkIndexScheduler.php:26
action · cegg_link_index_delete_module · application\LinkIndexScheduler.php:27
action · init · application\LocalRedirector.php:38
filter · query_vars · application\LocalRedirector.php:39
action · template_redirect · application\LocalRedirector.php:40
filter · cron_schedules · application\ProductPrefillScheduler.php:53

Scheduled Events 4

cegg_link_index_backfill_once
cegg_link_index_delete_module
cegg_link_index_backfill_once
cegg_link_index_backfill_once
Maintenance & Trust

Content Egg – Affiliate Product Importer & Price Comparison Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 25, 2025
PHP min version: 7.4
Downloads: 627K

Community Trust

Rating: 76/100
Number of ratings: 50
Active installs: 10K
Developer Profile

Content Egg – Affiliate Product Importer & Price Comparison Developer Profile

keywordrush

1 plugin · 10K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 371 days
Detection Fingerprints

How We Detect Content Egg – Affiliate Product Importer & Price Comparison

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/content-egg/res/css/jquery-ui.min.css
  • /wp-content/plugins/content-egg/res/css/bootstrap.min.css
  • /wp-content/plugins/content-egg/res/js/jquery.blockUI.js
  • /wp-content/plugins/content-egg/res/js/keywords.js
  • /wp-content/plugins/content-egg/res/js/content-egg.js
  • /wp-content/plugins/content-egg/res/js/content-egg-admin.js
  • /wp-content/plugins/content-egg/res/css/content-egg-admin.css

Script Paths
  • contentegg-keywords
  • contentegg-blockUI
  • contentegg-admin-ui-css
  • cegg-bootstrap5-full

Version Parameters
  • content-egg/res/css/jquery-ui.min.css?ver=
  • content-egg/res/css/bootstrap.min.css?ver=
  • content-egg/res/js/jquery.blockUI.js?ver=
  • content-egg/res/js/keywords.js?ver=
  • content-egg/res/js/content-egg.js?ver=
  • content-egg/res/js/content-egg-admin.js?ver=
  • content-egg/res/css/content-egg-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • cegg-bootstrap5-full
  • content-egg-autoblog-index
  • content-egg-autoblog-edit-form
  • cegg-tab-container
  • content-egg-filter-form
  • cegg-search-results-wrapper
  • content-egg-product-single

HTML Comments
  • Copyright (c) www.keywordrush.com (email: support@keywordrush.com)
  • <!-- Content Egg Admin Settings -->
  • <!-- Content Egg Autoblog Table -->
  • <!-- Content Egg Product Details -->

Data Attributes
  • data-cegg-module
  • data-cegg-id
  • data-cegg-type
  • data-cegg-url
  • data-cegg-title
  • data-cegg-price
  • (+3 more)

JS Globals
  • ContentEgg
  • contentEggFrontend
  • cegg

REST Endpoints
  • /wp-json/content-egg/v1/products
  • /wp-json/content-egg/v1/modules

Shortcode Output
  • [contentegg]
  • [contentegg-list]
  • [contentegg-amazon]
  • [contentegg-ebay]
FAQ

Frequently Asked Questions about Content Egg – Affiliate Product Importer & Price Comparison