CVE-2025-67910

The CVE-2025-67910 entry corresponds to an Unrestricted Upload of File with Dangerous Type vulnerability in the WordPress Contentstudio plugin (<= 1.3.7). The affected component is the Contentstudio WordPress plugin, where the upload routine allows arbitrary file types, enabling a Web Shell up...

CVE-2025-67910 WordPress Contentstudio plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server.This issue affects Contentstudio: from n/a through = 1.3.7...

CVE-2025-67910 WordPress Contentstudio plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server.This issue affects Contentstudio: from n/a through = 1.3.7...

WordPress ContentStudio plugin <= 1.3.7 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Contentstudio versions = 1.3.7...

WordPress ContentStudio plugin <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin Contentstudio versions = 1.3.7...

WordPress Contentstudio plugin <= 1.3.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Contentstudio versions = 1.3.7...

CVE-2025-12181

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstuupdatepost function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrar...

CVE-2025-13144

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

CVE-2025-13144

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

CVE-2025-12181

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstuupdatepost function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrar...

CVE-2025-12181 ContentStudio <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstuupdatepost function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrar...

EUVD-2025-201385

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

CVE-2025-13144 ContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings Update

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

WordPress plugin ContentStudio 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

EUVD-2023-12603

Malicious code in bioql PyPI...

EUVD-2023-12601

Malicious code in bioql PyPI...

EUVD-2023-12602

Malicious code in bioql PyPI...

WordPress ContentStudio plugin improper access control vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress ContentStudio plugin that stems from a lack of authorization, and no detailed vulnerability details are provided...

CVE-2025-49990 WordPress ContentStudio plugin <= 1.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contentstudio: from n/a through = 1.3.7...

CVE-2023-0557

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...