Invite Anyone, 04b851cdaf9d8dbd4053b20060fb2a47e432d547

CVE, Research URL: 04b851cdaf9d8dbd4053b20060fb2a47e432d547
Home page URL: Security reports for Invite Anyone
Application: Invite Anyone
Published on: Oct 12, 2017
Research Description: Invite Anyone [invite-anyone] < 1.3.19 Invite Anyone <= 1.3.18 - PHP Object Injection The Invite Anyone plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.3.18 via deserialization of untrusted input from the 'invite-anyone/trunk/by-email/by-email.php' file. This allows unauthenticated attackers to inject a PHP Object.
Affected versions: max 1.3.19.
Status: vulnerable