CVE-2017-6955 in Invite Anyone Plugininfo

Summary

An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

03/17/2017

Disclosure

03/17/2017

Moderation

VulDB entry created

Entries

VDB-98223 (1)

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

5.9

EPSS

0.00882

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-6955
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-6955
CVE Details	https://www.cvedetails.com/cve/CVE-2017-6955/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!