Feb 21, 2023 - 8:50 a.m.

CVE-2023-0453 WP Private Message < 1.0.6 - Private Message Disclosure via IDOR

2023-02-21 08:50:54
WPScan
www.cve.org
wp private message
wordpress plugin
superio theme
private message disclosure
idor
cve-2023-0453

AI Score: 4.8

Confidence: High

EPSS: 0.001

Percentile: 25.5%

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that the private messages being accessed belong to the user making the request. This allows any authenticated user to access private messages belonging to other users by tampering with the ID.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Private Message",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.6"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
