5.3
CVE-2017-6955
- EPSS 1.79%
- Veröffentlicht 17.03.2017 09:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginInvite Anyone <= 1.3.14 - Change of Email Invitation Content
An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.
Mögliche Gegenmaßnahme
Invite Anyone: Update to version 1.3.15, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Teleogistic ≫ Invite Anyone SwPlatformwordpress Version <= 1.3.13
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Invite Anyone
Version
[*, 1.3.15)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.79% | 0.756 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.securityfocus.com/bid/96965
https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855
https://wordpress.org/plugins/invite-anyone/changelog/
https://www.wordfence.com/threat-intel/vulnerabilities/id/80388709-77ee-4f18-9da2-b99f562a20cd