21 Sep

Vulnerability Details: PHP Object Injection Vulnerability in Invite Anyone

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. Since June we have been doing proactive monitoring of changes made [Read more]

22 Mar

Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Invite Anyone

At the beginning of the year we took a couple of actions to improve our inclusion of vulnerabilities where there has not been a report on the vulnerability released by the discoverer so that we could expand the number of vulnerabilities we include in our dataset. First, we expanded our monitoring of changes made to plugins [Read more]

22 Mar

Improper Access Control Vulnerability in Invite Anyone

At the beginning of the year we took a couple of actions to improve our inclusion of vulnerabilities where there has not been a report on the vulnerability released by the discoverer so that we could expand the number of vulnerabilities we include in our dataset. First, we expanded our monitoring of changes made to plugins [Read more]

21 Mar

Vulnerability Details: Authenticated Arbitrary Email Sending Vulnerability in Invite Anyone

From time to time vulnerabilities are fixed in plugins without someone putting out a report on the vulnerability and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases [Read more]