The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.
References
Link | Resource |
---|---|
https://themeforest.net/item/superio-job-board-wordpress-theme/32180231 | Product |
https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-02-21T08:50:54.150Z
Updated: 2023-02-21T08:50:54.150Z
Reserved: 2023-01-23T19:09:50.881Z
Link: CVE-2023-0453
JSON object: View
NVD Information
Status : Modified
Published: 2023-02-21T09:15:13.037
Modified: 2023-11-07T04:00:30.840
Link: CVE-2023-0453
JSON object: View
Redhat Information
No data.
CWE
No CWE.