WordPress Plugin Vulnerabilities

ContentStudio < 1.2.6 - Unauthorised Function Calls

Description

The plugin does not have authorisation checks in various functions, which could allow unauthenticated users to retrieve arbitrary metadata, including the plugin's token used in other actions like when creating a post

Affects Plugins

Plugin icon
contentstudio
Fixed in 1.2.6

References

CVE
CVE-2023-0556

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.2 (high)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
831dda18-0d03-4ac7-982a-b831e2d8c9b5

Timeline

Publicly Published
2023-01-06 (about 3 years ago)
Added
2023-01-28 (about 2 years ago)
Last Updated
2023-01-28 (about 2 years ago)

Other

Published
Title
Published
2024-05-29
Title
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.3 - Missing Authorization to Arbitrary Options Update
Published
2023-11-14
Title
Thrive Theme Builder < 3.24.0 - Missing Authorization
Published
2025-08-29
Title
Blog Designer PRO <= 3.4.8 - Missing Authorization
Published
2025-03-06
Title
School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting
Published
2026-01-06
Title
Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update