The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| invite_anyone_project | invite_anyone | * |
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| invite_anyone_project | invite_anyone | * |
The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| invite_anyone_project | invite_anyone | * |