The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.
Metrics
Affected Vendors & Products
References
History
Wed, 12 Mar 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-03-12T15:08:26.567Z
Reserved: 2023-01-23T19:09:50.881Z
Link: CVE-2023-0453

Updated: 2024-08-02T05:10:56.352Z

Status : Modified
Published: 2023-02-21T09:15:13.037
Modified: 2025-03-12T16:15:18.720
Link: CVE-2023-0453

No data.