cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2017-18543,https://securityvulnerability.io/vulnerability/CVE-2017-18543,Access Control Flaw in Invite-Anyone Plugin for WordPress,"The Invite-Anyone plugin for WordPress, prior to version 1.3.16, possesses an access control vulnerability that allows unauthorized users to send email invitations. This flaw can potentially expose users to spam or phishing attempts, as it fails to properly restrict who can utilize the email invitation feature.",Wordpress,Invite Anyone,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2019-08-16T20:17:56.000Z,0
CVE-2017-18544,https://securityvulnerability.io/vulnerability/CVE-2017-18544,Admin-Panel CSRF Vulnerability in Invite-Anyone Plugin for WordPress,"The Invite-Anyone plugin for WordPress, prior to version 1.3.16, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that can allow attackers to perform unauthorized actions on behalf of legitimate users. This flaw highlights the necessity for robust security measures within web applications to prevent potential exploits that could compromise user accounts and administrative functionalities.",Wordpress,Invite Anyone,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2019-08-16T20:17:16.000Z,0
CVE-2017-18545,https://securityvulnerability.io/vulnerability/CVE-2017-18545,Input Escaping Flaw in Invite-Anyone Plugin for WordPress,"The Invite-Anyone plugin for WordPress, prior to version 1.3.16, contains an input escaping flaw that allows untrusted input to be improperly handled within the Dashboard and front-end, potentially leading to security risks. This vulnerability emphasizes the importance of careful input validation and sanitation in plugin development to safeguard user data and enhance overall security.",Wordpress,Invite Anyone,7.5,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2019-08-16T20:16:41.000Z,0
CVE-2017-6955,https://securityvulnerability.io/vulnerability/CVE-2017-6955,,"An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.",Wordpress,Invite Anyone,5.3,MEDIUM,0.0019199999514967203,false,,false,false,false,,,false,false,,2017-03-17T08:55:00.000Z,0