Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. The Invite Anyone plugin makes BuddyPress's invitation features more powerful.
The by-email/by-email.php source file in the Invite Anyone plugin for WordPress is prone to a security-bypass vulnerability: it allows manual overriding of subject and message lines that are set as non-customizable, which could facilitate a social engineering attack.
Affected Versions:
Invite Anyone plugin before 1.3.15 for WordPress
Vulnerability impact
Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks.
Solution
Customers are advised to upgrade their WordPress plugin to Invite Anyone 1.3.15 or later versions to remediate this vulnerability.
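The class of flaw described above (a "non-customizable" setting enforced only by what the form shows) can be illustrated with the following added example, which is not code from the Invite Anyone plugin. All function names, setting keys and field names are hypothetical, and the sample settings and request are constructed.

```php
<?php
// Added illustration; names below are hypothetical, not the plugin's own.

// Constructed admin settings: customization of both fields is switched off.
$settings = [
    'subject_is_customizable' => false,
    'message_is_customizable' => false,
    'default_subject' => 'An invitation to join our community',
    'default_message' => 'You have been invited to join the site.',
];

// Weak pattern: trusts whatever the request carries, so leaving the
// fields out of the form is the only thing "enforcing" the setting.
function build_invite_weak(array $post, array $settings): array {
    return [
        'subject' => $post['subject'] ?? $settings['default_subject'],
        'message' => $post['message'] ?? $settings['default_message'],
    ];
}

// Hardened pattern: the server re-checks the setting and discards the
// submitted value for any field the admin marked non-customizable.
function build_invite_hardened(array $post, array $settings): array {
    $out = [];
    foreach (['subject', 'message'] as $field) {
        $allowed   = !empty($settings[$field . '_is_customizable']);
        $submitted = $post[$field] ?? null;
        if ($allowed && is_string($submitted) && trim($submitted) !== '') {
            $out[$field] = $submitted;
        } else {
            $out[$field] = $settings['default_' . $field];
        }
    }
    return $out;
}

// Constructed request body that includes fields the form never rendered.
$post = ['subject' => 'Account notice', 'message' => 'Text chosen by the sender'];

// Weak builder: the submitted values replace the admin defaults.
var_dump(build_invite_weak($post, $settings) === $post);

// Hardened builder: the admin defaults are used despite the submitted values.
$safe = build_invite_hardened($post, $settings);
var_dump($safe['subject'] === $settings['default_subject']
    && $safe['message'] === $settings['default_message']);
```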
Patch:
Following are links for downloading patches to fix the vulnerabilities: