CVE-2023-4023 : The All Users Messenger WordPress plugin through 1.24 does not prevent non-admin

The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger.

Published 2023-08-30 15:15:10

Updated 2025-05-05 16:15:49

Source WPScan

View at NVD, CVE.org

Products affected by CVE-2023-4023

Riverforest-wp » All Users Messenger » For Wordpress
Versions up to, including, (<=) 1.24
cpe:2.3:a:riverforest-wp:all_users_messenger:*:*:*:*:*:wordpress:*:*
Matching versions

EPSS FAQ

0.19%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-05-05
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

Jump to