15 matches found
CVE-2017-18545
The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input...
EUVD-2017-9661
Malware in sbrugna...
CVE-2017-18543
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations...
WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Invite Anyone versions <= 1.4.7...
WordPress invite-anyone plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. invite-anyone is an invitation notification plugin used in it. A cross-site request forgery vulnerability exists in the WordPress...
WordPress invite-anyone plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. invite-anyone is an invitation notification plugin used in it. An input validation error vulnerability exists in the WordPress...
CVE-2017-18545
The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input...
CVE-2017-18543
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations...
CVE-2017-18543
The CVE-2017-18543 entry concerns the WordPress plugin Invite Anyone, specifically versions before 1.3.16, which has incorrect access control for email-based invitations. The vulnerability is supported by multiple connected sources that describe the plugin’s access-control flaw, its impact, and t...
CVE-2017-18544
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF...
WordPress Invite Anyone plugin <=1.3.18 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found in WordPress Invite Anyone plugin versions <=1.3.18. Solution: Update the WordPress Invite Anyone plugin to the latest available version, at least version 1.3.19...
WordPress Invite Anyone Plugin Security Bypass Vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. Invite Anyone is one of the invitation components. A security bypass vulnerability exists in the by-email/by-email.php...
Code injection
An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack...
CVE-2017-6955
An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack...
CVE-2017-6955
The CVE-2017-6955 vulnerability affects the WordPress plugin Invite Anyone, specifically by-email/by-email.php in versions prior to 1.3.15. An authenticated or sufficient-privileges user can modify the subject and body of the invitation email, which should be immutable, facilitating social engine...