Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

CVE-2023-0453

🗓️ 21 Feb 2023 09:13:15Reported by WPScanType 
cve
 cve🔗 web.nvd.nist.gov👁 36 Views🌐 WEB

The WP Private Message WordPress plugin has an access control issue allowing authenticated users to access other users' private messages

Show more
Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Patchstack		WordPress WP Private Message Plugin < 1.0.6 is vulnerable to Insecure Direct Object References (IDOR)
31 Jan 202300:00
patchstack
Cvelist		CVE-2023-0453 WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
21 Feb 202308:50
cvelist
WPVulnDB		WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
30 Jan 202300:00
wpvulndb
Prion		Code injection
21 Feb 202309:15
prion
wpexploit		WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
30 Jan 202300:00
wpexploit
Vulnrichment		CVE-2023-0453 WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
21 Feb 202308:50
vulnrichment
NVD		CVE-2023-0453
21 Feb 202309:15
nvd
Wordfence Blog		Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)
9 Feb 202315:31
wordfence
Nvd
Vulners
Node
apusthemeswp_private_messagingRange<1.0.6wordpress
[
  {
    "vendor": "Unknown",
    "product": "WP Private Message",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.0.6"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
ParameterPositionPathDescriptionCWE
noncerequest body/wp-admin/admin-ajax.phpAllows authenticated users to access private messages of other users by tampering with the message ID.CWE-200
message_idrequest body/wp-admin/admin-ajax.phpAllows authenticated users to access private messages of other users by tampering with the message ID.CWE-200

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
21 Feb 2023 09:15Current
4.8Medium risk
Vulners AI Score4.8
CVSS34.3
EPSS0.01675
SSVC
wp private messagewordpress pluginaccess controlsecurity issuenvdcve-2023-0453
36
.json
Report