Input Escaping Flaw in Invite-Anyone Plugin for WordPress
CVE-2017-18545
7.5HIGH
Summary
The Invite-Anyone plugin for WordPress, prior to version 1.3.16, contains an input escaping flaw that allows untrusted input to be improperly handled within the Dashboard and front-end, potentially leading to security risks. This vulnerability emphasizes the importance of careful input validation and sanitation in plugin development to safeguard user data and enhance overall security.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved