Evite.com's Security Flaw

After recently receiving an invite to a company party via Evite.com's invitation service I looked into how they manage whose attending and also came across a major security flaw which anyone can use to manipulate other peoples votes. Here is a guide on how to recreate this issue on Evite.com.

1. Find an event
2. Using Firebug or other Web Development tools, inspect a guest on the guest list. You should see something like:
   <a> <div class="avatar guest_1073ACRBSZI3CIS4CEO762OQQ6P6M"><img src="images/ghostface.gif"></div> <span class="username">Nej Kutcharian</span> </a>
3. Now inspect the div within the anchor tag and you will notice that each div has it's own unique class (ex. "avatar_guest_####"), now the actual guest id is hidden in this class, so if you copy the alphanumerical letters after "avatar_guest_" you can act like this user. So go ahead and copy all alphanumerical letters after "avatar_guest_". I've went ahead and bolded it in the example.
   <a> <div class="avatar guest_1073ACRBSZI3CIS4CEO762OQQ6P6M"><img src="images/ghostface.gif"></div> <span class="username">Nej Kutcharian</span> </a>
4. Finally go to your address bar and copy paste the guest id after &gid
   http://new.evite.com/?utm_source=other_email&utm_medium=email&utm_content=text&utm_campaign=invite#view_invite:eid=###&gid=Paste here
5. Hit enter and you're now the guest you originally inspected.

By completing the following steps you will be granted the permission of that particular user and you will be allowed to change that users invitation and comment as if you were them.