cleantalk
Vulnerabilities and Security Researches

ContentStudio, CVE-2023-0556

CVE, Research URL

CVE-2023-0556

Home page URL

Security reports for ContentStudio

Application

ContentStudio

Published on
Jan 28, 2023
Research Description
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating.
Affected versions
Min -, max 1.2.6.
Status
vulnerable
Previous vulnerability researches
ContentStudio (CVE-2023-0558) , Jun 06, 2024
ContentStudio (20240841e90f9b464c817203ad811fa2abd8fe54) , Jun 06, 2024
ContentStudio (CVE-2023-0556) , Jun 06, 2024
ContentStudio (CVE-2023-0557) , Jun 06, 2024
ContentStudio (CVE-2025-47692) , May 09, 2025
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025