WordPress ContentStudio Plugin Vulnerable – Update Now to Protect Your Site

CVECVE-2023-0557
CVSScvssV3_1: 7.5
SourceCVE-2023-0557

The popular WordPress plugin ContentStudio, used for creating and managing content directly from the WordPress dashboard, has been found vulnerable in versions up to and including 1.2.5.

Attackers could potentially exploit a “Sensitive Information Exposure” vulnerability to obtain a secret code called a “nonce” without needing to log in. Nonces are used to verify certain actions on a site, like creating new posts. Getting hold of one would allow an attacker to add or modify content on the affected site.

The vulnerability affects sites using outdated versions of the ContentStudio plugin for WordPress. It has been given a CVSS score of 7.5, considered high severity.

If you use ContentStudio on your WordPress site, you should update to the latest 1.2.6 version as soon as possible to patch this security issue. Website owners are also advised to check their sites regularly for outdated plugins and themes to prevent exploitation. Keeping all software up-to-date is one of the best ways to enhance your site’s security.

References