CVE-2017-6955

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.

Ссылки

http://www.securityfocus.com/bid/96965
Third Party Advisory
VDB Entry
https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855
Third Party Advisory
https://wordpress.org/plugins/invite-anyone/changelog/
Release Notes
Third Party Advisory
http://www.securityfocus.com/bid/96965
Third Party Advisory
VDB Entry
https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855
Third Party Advisory
https://wordpress.org/plugins/invite-anyone/changelog/
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:teleogistic:invite_anyone:*:*:*:*:*:wordpress:*:*

Версия до 1.3.13 (включая)

EPSS

Процентиль: 75%

0.00882

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-3gh5-8j6v-4qqc