The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.
History

Wed, 12 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-03-12T15:08:26.567Z

Reserved: 2023-01-23T19:09:50.881Z

Link: CVE-2023-0453

cve-icon Vulnrichment

Updated: 2024-08-02T05:10:56.352Z

cve-icon NVD

Status : Modified

Published: 2023-02-21T09:15:13.037

Modified: 2025-03-12T16:15:18.720

Link: CVE-2023-0453

cve-icon Redhat

No data.