Joomla Permissions Privileges and Access Controls Vulnerability - CVE-2013-3056

Joomla 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.