Skip to main content

Arigato Autoresponder And Newsletter CVE-2018-1002004

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-12-03 larry0@me.com
4.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 03, 2018 - 16:29 nvd
MEDIUM 4.8

DescriptionNVD

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

AnalysisAI

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Affected products include: Kibokolabs Arigato Autoresponder And Newsletter.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2018-18461 CRITICAL POC
9.8 Oct 18

The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers t

CVE-2018-1002000 HIGH POC
7.2 Dec 03

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require ad

CVE-2023-47686 HIGH
8.8 Nov 16

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 ve

CVE-2023-0543 MEDIUM POC
4.8 Feb 27

The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settin

CVE-2018-1002009 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002008 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002007 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002006 MEDIUM POC
4.8 Dec 03

These vulnerabilities require administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability

CVE-2018-1002005 MEDIUM POC
4.8 Dec 03

These vulnerabilities require administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability

CVE-2018-1002003 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002002 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002001 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

Share

CVE-2018-1002004 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy