Medium severity4.3NVD Advisory· Published Feb 21, 2023· Updated Jun 17, 2026
CVE-2023-0453
CVE-2023-0453
Description
The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WP Private Messagedescription
- Range: <1.0.6
Patches
Vulnerability mechanics
References
2- wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6denvdExploitThird Party Advisory
- themeforest.net/item/superio-job-board-wordpress-theme/32180231nvdProduct
News mentions
0No linked articles in our index yet.