CVE-2023-0453
CVE-2023-0453 affects the WP Private Message WordPress plugin (bundled with the Superio theme) prior to version 1.0.6. The root cause is insecure direct object references: private messages could be accessed by tampering the message_id value, allowing any authenticated user to view another user’s ...