Vulnerability Details : CVE-2023-0556
Potential exploit
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating.
Products affected by CVE-2023-0556
- cpe:2.3:a:contentstudio:contentstudio:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0556
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0556
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.9
|
2.5
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Wordfence |
CWE ids for CVE-2023-0556
-
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.Assigned by: security@wordfence.com (Primary)
References for CVE-2023-0556
-
https://www.wordfence.com/threat-intel/vulnerabilities/id/52db8d41-859a-4d68-8b83-3d3af8f1bf64
Third Party Advisory
-
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=
Patch;Third Party Advisory
-
https://plugins.trac.wordpress.org/browser/contentstudio/tags/1.2.1/contentstudio-plugin.php#L517
Exploit;Third Party Advisory
Jump to