Vulnerability in Invite Anyone Plugin for WordPress by Boone Gorges
CVE-2017-6955

5.3MEDIUM

Key Information:

Vendor
Wordpress
Status
Invite Anyone
Vendor
CVE Published:
17 March 2017

Summary

A security flaw in the Invite Anyone plugin for WordPress allows users to alter the subject and body of invitation emails, which should remain fixed. This potential manipulation opens doors to social engineering attacks, where an attacker could mislead recipients and exploit their trust. The issue primarily affects versions prior to 1.3.15, making it crucial for users to update to mitigate possible risks.

References

http://www.securityfocus.com/bid/96965
vdb-entryx_refsource_BID
https://wordpress.org/plugins/invite-anyone/changelog/
x_refsource_CONFIRM
https://github.com/boonebgorges/invite-anyone/compare/2ed...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.