exploitDog

CVE-2023-0453

Опубликовано: 21 фев. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.

Ссылки

https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
Product
https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de
Exploit
Third Party Advisory
https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
Product
https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apusthemes:wp_private_messaging:*:*:*:*:*:wordpress:*:*

Версия до 1.0.6 (исключая)

EPSS

Процентиль: 36%

0.00149

Низкий

4.3 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-849q-f682-346f

CVSS3: 4.3

github

почти 3 года назад

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.

EPSS

Процентиль: 36%

0.00149

Низкий

4.3 Medium

CVSS3

Дефекты