Description
WordPress Plugin WP Private Message is prone to a insecure direct object reference (IDOR) vulnerability. Exploiting this issue may allow an attacker to read arbitrary messages. WordPress Plugin WP Private Message version 1.0.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.0.6 or latest
References
Related Vulnerabilities
WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Arbitrary File Upload (1.3.2)
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2022-21663)
Oracle JRE CVE-2017-10348 Vulnerability (CVE-2017-10348)
WordPress Plugin Poll, Survey, Questionnaire and Voting system SQL Injection (1.5.2)