3 matches found
CVE-2017-18543
The CVE-2017-18543 entry concerns the WordPress plugin Invite Anyone, specifically versions before 1.3.16, which has incorrect access control for email-based invitations. The vulnerability is supported by multiple connected sources that describe the plugin’s access-control flaw, its impact, and t...
CVE-2017-18544
CVE-2017-18544 affects the WordPress plugin Invite Anyone prior to version 1.3.16. The issue is an admin-panel CSRF vulnerability caused by insufficient CSRF protections on admin endpoints, enabling potentially unauthorized admin actions. Exploitation details, affected environments, and remediati...
CVE-2017-18545
CVE-2017-18545 affects the WordPress plugin Invite Anyone (before version 1.3.16). The issue is improper escaping of untrusted input from Dashboard and front-end, as described across multiple sources (including Red Hat, CVE entries, CNVD). This vulnerability could enable input handling issues wit...