WordPress Plugin Vulnerabilities

ContentStudio < 1.2.6 - Authorisation Bypass

Description

The plugin does not properly check for API keys, allowing unauthenticated users bypass of the authorisation in place via type juggling

Affects Plugins

Plugin icon
contentstudio
Fixed in 1.2.6

References

CVE
CVE-2023-0558

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
8.2 (high)

Miscellaneous

Original Researcher
Chloe Chamberland
Verified
No
WPVDB ID
263bb71a-d41b-4250-9a66-3d6ea1bedb32

Timeline

Publicly Published
2023-01-27 (about 2 years ago)
Added
2023-01-28 (about 2 years ago)
Last Updated
2023-01-28 (about 2 years ago)

Other

Published
Title
Published
2024-10-24
Title
Comments – wpDiscuz < 7.6.25 - Authentication Bypass
Published
2025-12-09
Title
Elated Membership < 1.3 - Authentication Bypass via Social Login
Published
2014-08-01
Title
WordPress <= 3.0.5 wp-admin/press-this.php Privilege Escalation
Published
2014-08-01
Title
WordPress 2.0 - 3.0.1 wp-includes/capabilities.php Remote Authenticated Administrator Delete Action Bypass
Published
2014-09-17
Title
WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout