CVE-2023-0558

Published: Jan 27, 2023Modified: Apr 8, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.

Affected (1)

Products: Contentstudio: Contentstudio

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Contentstudio Contentstudio	Before 1.2.6

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L416

Source: security@wordfence.com

ExploitRelease NotesThird Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd?source=cve

Source: security@wordfence.com

Third Party Advisory

https://plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L416

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitRelease NotesThird Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.