Vulnerability Details : CVE-2023-0453
Potential exploit
The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that the private messages being accessed belong to the user making the request. This allows any authenticated user to access private messages belonging to other users by tampering with the ID.
Products affected by CVE-2023-0453
- cpe:2.3:a:apusthemes:wp_private_messaging:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0453
- EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
- Percentile: ~30% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-0453
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-03-12 |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
References for CVE-2023-0453
- https://themeforest.net/item/superio-job-board-wordpress-theme/32180231 (Superio – Job Board WordPress Theme by ApusTheme | ThemeForest; Product)
- https://wpscan.com/vulnerability/f915e5ac-e216-4d1c-aec1-c3be11e2a6de (Exploit; Third Party Advisory)