Lucene search

WordfenceCVELIST:CVE-2023-0557

HistoryJan 27, 2023 - 9:09 p.m.

CVE-2023-0557

2023-01-2721:09:08

Wordfence

www.cve.org

wordpress

contentstudio

vulnerability

sensitive information exposure

unauthenticated attackers

nonce

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

41.5%

JSON

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts.

CNA Affected

[
  {
    "vendor": "contentstudio",
    "product": "ContentStudio",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.2.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L709

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/62eb136f-3cb0-40dc-a154-015a7fa1077b

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

41.5%

JSON

Related for CVELIST:CVE-2023-0557