CVE-2023-0453

Exploit

EPSS 0.14%
Veröffentlicht 21.02.2023 09:15:13
Zuletzt bearbeitet 12.03.2025 16:15:18
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WP Private Message < 1.0.6 - Insecure Direct Object Reference

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.

Mögliche Gegenmaßnahme

WP Private Message: Update to version 1.0.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WP Private Message

Version [*, 1.0.6)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apusthemes ≫ Wp Private Messaging SwPlatformwordpress Version < 1.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.347

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

https://themeforest.net/item/superio-job-board-wordpress-theme/32180231

Product

https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/14026e96-7e21-45db-b258-13b014ec478c

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0453

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0453

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0453

EUVD