QwikSec

Security Database

CVE

CWE

Training

CVE-2023-0453

Published: Feb 21, 2023

Modified: Mar 12, 2025

PUBLISHED

Description

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.

Vendor	Product	Versions
Unknown	WP Private Message	affected `0 - < 1.0.6`

References

https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de

exploit

vdb-entry

technical-description

https://themeforest.net/item/superio-job-board-wordpress-theme/32180231

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.