RSS   Vulnerabilities for 'Invite anyone plugin'   RSS

2017-03-17
 
CVE-2017-6955

 

 
An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.

 


Copyright 2024, cxsecurity.com

 

Back to Top