Home > Vulnerability Database > CVE-2023-0558

Mend.io Vulnerability Database

CVE-2023-0558

Good to know:

Date: January 27, 2023

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.

Language: PHP

Severity Score

9.8

Related Resources (6)

Url: https://ti.wordfence.io/vulnerabilities/52db8d41-859a-4d68-8b83-3d3af8f1bf64

Url: https://plugins.trac.wordpress.org/browser/contentstudio/trunk/contentstudio-plugin.php#L416

Url: https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd

Url: https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd?source=cve

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-0558

Url: https://www.mend.io/vulnerability-database/CVE-2023-0558

Severity Score

9.8

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version 1.2.6

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-0558

Good to know:

Date: January 27, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?