Cross-Site Request Forgery Vulnerability in ContentStudio Plugin for WordPress
CVE-2025-13144
4.3 MEDIUM
What is CVE-2025-13144?
The ContentStudio plugin for WordPress is susceptible to a Cross-Site Request Forgery attack due to inadequate nonce validation within the add_cstu_settings function. This vulnerability allows unauthenticated individuals to alter plugin settings by tricking a site administrator into executing a forged action, such as clicking on a malicious link, potentially compromising the site’s integrity. It is recommended to update the plugin to a secure version and enforce proper nonce validation to mitigate such risks.
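A settings handler with the nonce validation recommended above, as an added example that is not the ContentStudio plugin's code. The action name, nonce field, option name and page slug (example_save_settings, example_nonce, example_api_key, example-settings) are hypothetical.

```php
<?php
// Illustrative WordPress settings handler. All "example_" names are
// hypothetical and are not taken from the ContentStudio plugin.

// Render the form. wp_nonce_field() emits a hidden token tied to the
// logged-in user, their session and the action string.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="text" name="example_api_key"
               value="<?php echo esc_attr( get_option( 'example_api_key', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST. The order of checks matters.
function example_save_settings() {
    // 1. Authorization: only administrators may change settings.
    //    On its own this does not stop CSRF, because a forged request
    //    is sent by the administrator's own browser with valid cookies.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. Intent: reject requests that lack a valid nonce for this action.
    //    check_admin_referer() terminates the request when the nonce is
    //    missing, expired or was issued for a different action or user.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // 3. Only now read, sanitize and store the submitted value.
    if ( isset( $_POST['example_api_key'] ) ) {
        $key = sanitize_text_field( wp_unslash( $_POST['example_api_key'] ) );
        update_option( 'example_api_key', $key );
    }

    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
    exit;
}
// admin_post_{action} fires only for logged-in users.
add_action( 'admin_post_example_save_settings', 'example_save_settings' );
```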
Affected Version(s)
ContentStudio * <= 1.3.7