cvedb.io
CVE-2023-0453
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2023-02-21T09:15:13.037 · Last modified 2026-06-17T05:25:34.913

Summary

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.

Affected products

apusthemes — wp_private_messaging

Does this affect you?

Add your gear to cvedb and we'll alert you only when apusthemes ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.