9.8
CVE-2023-0558
- EPSS 0.88%
- Veröffentlicht 27.01.2023 22:15:09
- Zuletzt bearbeitet 08.04.2026 19:18:01
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginContentStudio <= 1.2.5 - Authorization Bypass
ContentStudio <= 1.2.5 - Authorization Bypass
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.
Mögliche Gegenmaßnahme
ContentStudio: Update to version 1.2.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Contentstudio ≫ Contentstudio SwPlatformwordpress Version < 1.2.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
ContentStudio
Version
*-1.2.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.88% | 0.543 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L416
https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd