CVE-2023-0558

Published Jan 27, 2023

Last updated 10 months ago

Overview

Description: The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.
Source: security@wordfence.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:contentstudio:contentstudio:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2258CF06-A5A1-408E-996F-F16D5D0B57E7",
            "versionEndExcluding": "1.2.6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References