An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.
CPE | Name | Operator | Version |
---|---|---|---|
invite_anyone | le | 1.3.13 |