CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-0453

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.2%

CVSS Severity

CVSS v3 Score 4.3

References

https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de
https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de

Products affected by CVE-2023-0453

Apusthemes » Wp Private Messaging » Version: Any

cpe:2.3:a:apusthemes:wp_private_messaging:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0453

Products

Pricing

Contact Us