Authorization

2023-01-2722:15:00

PRIOn knowledge base

www.prio-n.com

contentstudio plugin

wordpress

authorization bypass

vulnerability

capability check

unauthenticated attackers

blog metadata

contentstudio_token

plugin interaction

creating posts

nvd

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin’s contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating.

CPENameOperatorVersion
contentstudiolt1.2.6

CPE	Name	Operator	Version
	contentstudio	lt	1.2.6

References

plugins.trac.wordpress.org/browser/contentstudio/tags/1.2.1/contentstudio-plugin.php

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/52db8d41-859a-4d68-8b83-3d3af8f1bf64