CVE-2023-0557

Опубликовано: 27 янв. 2023

Источник: nvd

CVSS3: 7.5

CVSS3: 5.3

EPSS Низкий

Описание

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts.

Ссылки

https://plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L709
Exploit
Issue Tracking
Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=
Patch
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/62eb136f-3cb0-40dc-a154-015a7fa1077b
Third Party Advisory
https://plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L709
Exploit
Issue Tracking
Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=
Patch
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/62eb136f-3cb0-40dc-a154-015a7fa1077b
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:contentstudio:contentstudio:*:*:*:*:*:wordpress:*:*

Версия до 1.2.6 (исключая)

EPSS

Процентиль: 79%

0.0128

Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-frcq-7vxc-3px2

CVSS3: 5.3

github

около 3 лет назад

EPSS

Процентиль: 79%

0.0128

Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo