CVE-2017-6955
N/A
N/A
Summary
An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/96965
- https://wordpress.org/plugins/invite-anyone/changelog/
- https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac…boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855
References
- http://www.securityfocus.com/bid/96965
- https://wordpress.org/plugins/invite-anyone/changelog/
- https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac…boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.