A high-severity vulnerability has been identified in the ContentStudio plugin for WordPress, which could allow an attacker to upload malicious files to an affected website. Successful exploitation could lead to a complete compromise of the website, enabling the attacker to steal data, deface the site, or take control of the underlying server. Organizations using this plugin are urged to apply the recommended updates immediately to mitigate this significant risk.

The vulnerability exists within the cstu_update_post() function of the ContentStudio plugin. This function is responsible for handling file uploads but fails to properly validate the type of file being uploaded. An authenticated attacker, potentially with low-level privileges, can exploit this flaw by crafting a request to upload a malicious script (e.g., a PHP web shell) disguised as a legitimate file. Because the server-side code does not check the file extension or content, the malicious file is saved to the server, allowing the attacker to execute arbitrary code with the permissions of the web server process.

This vulnerability is rated as High severity with a CVSS score of 8.8. A successful exploit could have a severe impact on the business, leading to a complete compromise of the web server. Potential consequences include theft of sensitive data (such as customer information, user credentials, or payment details), website defacement causing reputational damage, and loss of customer trust. Furthermore, a compromised server could be used to host malware, launch attacks against other systems, or be integrated into a botnet, creating further legal and financial liabilities for the organization.

Immediate Action: Immediately update the ContentStudio plugin to the latest version provided by the vendor, which contains a patch for this vulnerability. If the plugin is no longer required for business operations, it should be deactivated and completely removed from the WordPress installation to eliminate the attack surface.

Proactive Monitoring: Monitor web server access logs for suspicious POST requests to endpoints associated with the ContentStudio plugin, particularly looking for uploads of files with unexpected extensions (e.g., .php, .phtml, .sh). Monitor the file system for the creation of unauthorized files within the WordPress uploads directory or other web-accessible locations. Network monitoring should be in place to detect any unusual outbound connections from the web server, which could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to inspect file uploads and block files with executable extensions. Enforce strict file permissions on the web server's upload directories to prevent script execution. Additionally, consider disabling the specific vulnerable functionality if it is not critical to the plugin's use.

Public Exploit Available: false

Given the high CVSS score of 8.8 and the critical impact of arbitrary code execution, this vulnerability poses a significant and immediate threat to affected organizations. We strongly recommend that all systems running the vulnerable version of the ContentStudio plugin be patched immediately. Due to the ease of exploitation and the potential for complete system compromise, this issue should be treated as a top priority for remediation, even though it is not currently listed on the CISA KEV catalog.