Vulnerabilities > CVE-2023-0453 - Unspecified vulnerability in Apusthemes WP Private Messaging

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

apusthemes

NVD

Published: 2023-02-21

Updated: 2024-11-21

Summary

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.

Vulnerable Configurations

Part	Description	Count
Application	Apusthemes Apusthemes WP Private Messaging *	1

References

https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de
https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de