9.8

CVE-2023-0558

Exploit

EPSS 1.57%
Veröffentlicht 27.01.2023 22:15:09
Zuletzt bearbeitet 21.11.2024 07:37:24
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

ContentStudio <= 1.2.5 - Authorization Bypass

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.

Mögliche Gegenmaßnahme

ContentStudio: Update to version 1.2.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt ContentStudio

Version *-1.2.5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Contentstudio ≫ Contentstudio SwPlatformwordpress Version < 1.2.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.57%	0.812

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@wordfence.com	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L416

Third Party Advisory

Exploit

Release Notes

https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0558

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0558

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0558

EUVD