← back
CVE-2017-6955

CVE-2017-6955

EPSS 1.8%
An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855https://wordpress.org/plugins/invite-anyone/changelog/http://www.securityfocus.com/bid/96965