CVE-2023-0556

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating.

CVSS v3.0 6.5 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=	Patch Third Party Advisory
https://plugins.trac.wordpress.org/browser/contentstudio/tags/1.2.1/contentstudio-plugin.php#L517	Exploit Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/52db8d41-859a-4d68-8b83-3d3af8f1bf64	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:contentstudio:contentstudio:*:*:*:*:*:wordpress:*:*

Information

Published : 2023-01-27 14:15

Updated : 2023-02-06 06:47

NVD link : CVE-2023-0556

Mitre link : CVE-2023-0556

JSON object : View

CWE

CWE-862

Missing Authorization

Advertisement

Products Affected

contentstudio

contentstudio

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=", "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://plugins.trac.wordpress.org/browser/contentstudio/tags/1.2.1/contentstudio-plugin.php#L517", "name": "https://plugins.trac.wordpress.org/browser/contentstudio/tags/1.2.1/contentstudio-plugin.php#L517", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52db8d41-859a-4d68-8b83-3d3af8f1bf64", "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52db8d41-859a-4d68-8b83-3d3af8f1bf64", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-862"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-0556", "ASSIGNER": "security@wordfence.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}}, "publishedDate": "2023-01-27T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:contentstudio:contentstudio:*:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.2.6"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-06T14:47Z"}