WordPress Plugin Vulnerabilities

ContentStudio < 1.2.6 - Nonce Disclosure

Description

The plugin discloses sensitive information to unauthenticated users, such as a nonce used to create a posts

Affects Plugins

Plugin icon
contentstudio
Fixed in 1.2.6

References

CVE
CVE-2023-0557

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Chloe Chamberland
Verified
No
WPVDB ID
2aab8bbb-8fe0-4677-903e-468b24f3db9c

Timeline

Publicly Published
2023-01-27 (about 2 years ago)
Added
2023-01-28 (about 2 years ago)
Last Updated
2023-01-28 (about 2 years ago)

Other

Published
Title
Published
2025-11-21
Title
OneClick Chat to Order < 1.0.9 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure
Published
2025-06-27
Title
Audio Editor & Recorder < 2.2.4 - Unauthenticated Information Exposure
Published
2025-12-12
Title
WPGraphQL Smart Cache < 2.0.1 - Unauthenticated Private Content Disclosure
Published
2025-12-21
Title
PostX < 5.0.4 - Unauthenticated Information Exposure
Published
2024-07-11
Title
WP Popups – WordPress Popup builder < 2.2.0.2 - Unauthenticated Full Path Disclosure