Vulnerabilities and security researches forinvite-anyone invite-anyone

Jun 07, 2024

CVE, Research URL: CVE-2017-6955
Home page URL: Security reports for Invite Anyone
Application: Invite Anyone
Date: Mar 17, 2017
Research Description: An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.
Affected versions: max 1.3.15.
Status: vulnerable

CVE, Research URL: CVE-2017-18543
Home page URL: Security reports for Invite Anyone
Application: Invite Anyone
Date: Aug 17, 2019
Research Description: The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.
Affected versions: max 1.3.16.
Status: vulnerable

CVE, Research URL: CVE-2017-18545
Home page URL: Security reports for Invite Anyone
Application: Invite Anyone
Date: Aug 17, 2019
Research Description: The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.
Affected versions: max 1.3.16.
Status: vulnerable

CVE, Research URL: CVE-2017-18544
Home page URL: Security reports for Invite Anyone
Application: Invite Anyone
Date: Aug 17, 2019
Research Description: The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
Affected versions: max 1.3.16.
Status: vulnerable

Aug 20, 2024

CVE, Research URL: CVE-2024-43327
Home page URL: Security reports for Invite Anyone
Application: Invite Anyone
Date: Aug 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7.
Affected versions: max 1.4.8.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: ae275717e9ce52f64daecbc97587cc20a1342d6b
Home page URL: Security reports for Invite Anyone
Application: Invite Anyone
Date: Mar 22, 2017
Research Description: Invite Anyone [invite-anyone] < 1.3.16 WordPress Invite Anyone plugin <=1.3.15 - Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability WordPress Invite Anyone plugin Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities were found in 1.3.15 version. The settings are passed without any sanitization to function register_setting(). Update the plugin.
Affected versions: max 1.3.16.
Status: vulnerable

CVE, Research URL: 9b02fd39fcfc3310ff8ba309239700f32b4b5cd5
Home page URL: Security reports for Invite Anyone
Application: Invite Anyone
Date: Oct 13, 2017
Research Description: Invite Anyone [invite-anyone] < 1.3.19 WordPress Invite Anyone plugin <=1.3.18 - Unauthenticated PHP Object Injection vulnerability Unauthenticated PHP Object Injection vulnerability found in WordPress Invite Anyone plugin (versions <=1.3.18).
Affected versions: max 1.3.19.
Status: vulnerable

CVE, Research URL: 8b07ede0-3713-473a-a275-8c10829eab9b
Home page URL: Security reports for Invite Anyone
Application: Invite Anyone
Date: -
Research Description: Invite Anyone [invite-anyone] < 1.3.19 Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector.
Affected versions: max 1.3.19.
Status: vulnerable

CVE, Research URL: 04b851cdaf9d8dbd4053b20060fb2a47e432d547
Home page URL: Security reports for Invite Anyone
Application: Invite Anyone
Date: Oct 12, 2017
Research Description: Invite Anyone [invite-anyone] < 1.3.19 Invite Anyone <= 1.3.18 - PHP Object Injection The Invite Anyone plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.3.18 via deserialization of untrusted input from the 'invite-anyone/trunk/by-email/by-email.php' file. This allows unauthenticated attackers to inject a PHP Object.
Affected versions: max 1.3.19.
Status: vulnerable