CVE-2023-0556

Name of the Vulnerable Software and Affected Versions ContentStudio plugin for WordPress versions prior to 1.2.5

Description The issue is related to authorization bypass due to a missing capability check on several functions. This allows unauthenticated attackers to obtain blog metadata, including the plugin's contentstudio token, via the cstu get metadata function. Knowing this token enables other interactions with the plugin, such as creating posts.

Recommendations For versions prior to 1.2.5, update to version 1.2.5 or later, which adds other requirements to posting and updating, mitigating the risk of exploitation.