CSRF that makes any user send invitations to the attacker by simply clicking on a link.
Medium
LinkedIn
Team Summary
Official summary from LinkedIn
The researcher found a CSRF issue that allowed targeted links (intended and usable only by a single member) to send connection invitations once clicked on, without any prompt/intermediary step to confirm such an action. Thank you @marvelmaniac for the report!
Reported by
marvelmaniac
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-Site Request Forgery (CSRF)