5 matches found
CVE-2023-0453
The WP Private Message WordPress plugin, bundled with the Superio theme as a required plugin, before 1.0.6 does not ensure that the private messages being accessed belong to the user making the request. This allows any authenticated user to access private messages belonging to other users by...
CVE-2023-0453 WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
The WP Private Message WordPress plugin, bundled with the Superio theme as a required plugin, before 1.0.6 does not ensure that the private messages being accessed belong to the user making the request. This allows any authenticated user to access private messages belonging to other users by...
CVE-2023-0453 WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
The WP Private Message WordPress plugin, bundled with the Superio theme as a required plugin, before 1.0.6 does not ensure that the private messages being accessed belong to the user making the request. This allows any authenticated user to access private messages belonging to other users by...
CVE-2023-0453
CVE-2023-0453 affects the WP Private Message WordPress plugin (bundled with the Superio theme) prior to version 1.0.6. The root cause is an insecure direct object reference: private messages could be accessed by tampering with the message_id value, allowing any authenticated user to view another user’s ...
WordPress WP Private Message Plugin < 1.0.6 is vulnerable to Insecure Direct Object References (IDOR)
Software: WP Private Message; Type: Plugin; Vulnerable versions: 1.0.6; Fixed in: 1.0.6; OWASP Top 10: A5: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-0453; Patch priority: Low; CVSS severity: Low 7.5; PSID: c5646ba0a8f7; Credits: Veshraj...