cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0556,https://securityvulnerability.io/vulnerability/CVE-2023-0556,Authorization Bypass in ContentStudio Plugin for WordPress,"The ContentStudio plugin for WordPress is susceptible to an authorization bypass due to a lack of capability checks on certain functions. This vulnerability affects all versions up to and including 1.2.5, allowing unauthenticated attackers to access sensitive blog metadata. Specifically, attackers can retrieve the plugin's contentstudio_token through the cstu_get_metadata function, which can lead to unauthorized interactions with the plugin, such as creating or updating posts, prior to the implementation of additional security measures in later versions.",Wordpress,ContentStudio,6.5,MEDIUM,0.0010000000474974513,false,,false,false,false,,false,false,2023-01-27T22:15:00.000Z,0
CVE-2023-0557,https://securityvulnerability.io/vulnerability/CVE-2023-0557,Sensitive Information Exposure in ContentStudio Plugin for WordPress,"The ContentStudio plugin for WordPress has a vulnerability that permits unauthorized access to sensitive information in versions up to and including 1.2.5. This flaw allows unauthenticated attackers to retrieve a nonce key necessary for post creation, potentially compromising site security. Users are advised to update the plugin to the latest version to mitigate this risk.",Wordpress,ContentStudio,5.3,MEDIUM,0.0009899999713525176,false,,false,false,false,,false,false,2023-01-27T22:15:00.000Z,0
CVE-2023-0558,https://securityvulnerability.io/vulnerability/CVE-2023-0558,Authorization Bypass in ContentStudio Plugin for WordPress,"The ContentStudio plugin for WordPress suffers from an authorization bypass vulnerability, allowing unauthenticated attackers to gain access to functionalities that are intended for authenticated users. This vulnerability arises from an insecure token validation mechanism susceptible to type juggling, which can be exploited in all versions up to and including 1.2.5. As a result, attackers may execute functions typically reserved for users with valid API keys, possibly leading to unauthorized data manipulation or other malicious actions.",Wordpress,ContentStudio,9.8,CRITICAL,0.002580000087618828,false,,false,false,false,,false,false,2023-01-27T22:15:00.000Z,0