Description
Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contentstudio: from n/a through <= 1.3.5.
Published: 2025-05-07
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Contentstudio plugin for WordPress contains a missing authorization issue that permits users to execute actions they should not be able to perform. This vulnerability permits an attacker to read or modify content through the plugin’s interfaces, potentially leaking sensitive data or tampering with site assets. The weakness is a classic broken access control (CWE-862).

Affected Systems

All installations of the Contentstudio plugin for WordPress with version 1.3.5 or earlier are affected. No additional vendor or product variants are listed.

Risk and Exploitability

The CVSS base score of 4.3 reflects a moderate impact scenario, while the EPSS score of less than 1% indicates a low probability of exploitation at present. The vulnerability is not included in the CISA KEV catalog. It is most likely to be abused through web-based interaction with the WordPress site where the plugin is active, and an attacker would need only an unprivileged account or possibly no account at all to trigger the missing access check.

Generated by OpenCVE AI on April 30, 2026 at 13:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Contentstudio plugin to version 1.3.6 or later
  • If an upgrade is not immediately possible, temporarily disable the plugin until a patch is applied
  • Ensure that the plugin’s directory permissions are restrictive and that only the owner can modify its files
  • Configure your web application firewall to block anomalous requests to the plugin’s endpoints

Generated by OpenCVE AI on April 30, 2026 at 13:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-13718 Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through 1.3.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through 1.3.3. Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contentstudio: from n/a through <= 1.3.5.
Title WordPress ContentStudio <= 1.3.3 - Broken Access Control Vulnerability WordPress ContentStudio plugin <= 1.3.5 - Broken Access Control Vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00034}

 epss

{'score': 0.00039}

Wed, 07 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 07 May 2025 14:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in contentstudio ContentStudio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ContentStudio: from n/a through 1.3.3.
Title WordPress ContentStudio <= 1.3.3 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Contentstudio Contentstudio
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:50.334Z

Reserved: 2025-05-07T10:45:47.046Z

Link: CVE-2025-47692

cve-icon Vulnrichment

Updated: 2025-05-07T17:18:23.292Z

cve-icon NVD

Status : Deferred

Published: 2025-05-07T15:16:21.010

Modified: 2026-04-23T15:30:45.387

Link: CVE-2025-47692

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T13:15:37Z

Weaknesses