WP Content Pilot – Autoblogging & Affiliate Marketing Plugin < 1.3.4 – Authenticated (Contributor+) Content Injection | CVE 2023-45053 | Plugin Vulnerabilities

Description

The WP Content Pilot plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 1.3.3. This vulnerability makes it possible for authenticated attackers, with contributor access or higher to inject new content onto the website, possibly through the manipulation of posts to create new web pages, spam, or phishing.

Affects Plugins

wp-content-pilot

Fixed in 1.3.4

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/373c10df-0d9c-4f76-8d1f-cad6bcfed141

Classification

Type

CONTENT INJECTION

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

c0ec16b9-3720-44a7-b7c1-ee7e6f44a2c1

Timeline

Publicly Published

2023-10-03 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2023-11-24 (about 2 years ago)

Other

Published

Title

Published

2024-06-28

Title

Photo Gallery by Ays < 5.7.1 - Administrator+ HTML Injection

Published

2022-11-29

Title

Quiz and Survey Master < 8.0.5 - Improper Input Validation

Published

2025-06-05

Title

Profile Builder < 3.13.9 - Unauthenticated Content Spoofing

Published

2024-06-03

Title

Authorize.net Payment Gateway For WooCommerce <= 8.0 - Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass

Published

2024-06-06

Title

YITH WooCommerce Product Add-Ons < 4.9.3 - Unauthenticated Content Injection