cleantalk
Vulnerabilities and Security Researches

ContentStudio, 20240841e90f9b464c817203ad811fa2abd8fe54

CVE, Research URL

20240841e90f9b464c817203ad811fa2abd8fe54

Home page URL

Security reports for ContentStudio

Application

ContentStudio

Published on
Dec 07, 2022
Research Description
ContentStudio [contentstudio] < 1.1.9 ContentStudio <= 1.1.8 - Missing Authorization The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cstu_set_token functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to set the plugin's API token (via cstu_set_token), which allows further actions such as creating posts.
Affected versions
Min -, max 1.1.9.
Status
vulnerable
Previous vulnerability researches
ContentStudio (CVE-2023-0558) , Jun 06, 2024
ContentStudio (20240841e90f9b464c817203ad811fa2abd8fe54) , Jun 06, 2024
ContentStudio (CVE-2023-0556) , Jun 06, 2024
ContentStudio (CVE-2023-0557) , Jun 06, 2024
ContentStudio (CVE-2025-47692) , May 09, 2025
New vulnerability
SMS Alert Order Notifications &#8211; WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications &#8211; WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025