CVE-2023-0558

Опубликовано: 27 янв. 2023

Источник: nvd

CVSS3: 8.2

CVSS3: 9.8

EPSS Низкий

Описание

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.

Ссылки

https://plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L416
Exploit
Release Notes
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd?source=cve
Third Party Advisory
https://plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L416
Exploit
Release Notes
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:contentstudio:contentstudio:*:*:*:*:*:wordpress:*:*

Версия до 1.2.6 (исключая)

EPSS

Процентиль: 78%

0.01156

Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-42mm-238w-2fxw

CVSS3: 9.8

github

около 3 лет назад

EPSS

Процентиль: 78%

0.01156

Низкий

8.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo