CVE-2023-0453

Published: Feb 21, 2023Modified: Mar 12, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.

Affected (1)

Products: Apusthemes: Wp Private Messaging

1 product

Wp Private Messaging

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apusthemes Wp Private Messaging	Before 1.0.6

References (4)

https://themeforest.net/item/superio-job-board-wordpress-theme/32180231

Source: contact@wpscan.com

Product

https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de

Source: contact@wpscan.com

ExploitThird Party Advisory

https://themeforest.net/item/superio-job-board-wordpress-theme/32180231

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.