Lucene search

Invite Anyone Security Vulnerabilities

cve

CVE-2017-18543

The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.

9.8CVSS

9.4AI Score

0.002EPSS

2019-08-16 09:15 PM

361

cve

CVE-2017-18544

The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.

8.8CVSS

8.7AI Score

0.001EPSS

2019-08-16 09:15 PM

357

cve

CVE-2017-18545

The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.

7.5CVSS

7.6AI Score

0.001EPSS

2019-08-16 09:15 PM

312

cve

CVE-2017-6955

An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.

5.3CVSS

5.2AI Score

0.002EPSS

2017-03-17 09:59 AM