Skip to main content

Arigato Autoresponder And Newsletter CVE-2023-0543

MEDIUM
2023-02-27 contact@wpscan.com
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 27, 2023 - 16:15 nvd
MEDIUM 4.8

DescriptionNVD

The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

AnalysisAI

The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Affected products include: Kibokolabs Arigato Autoresponder And Newsletter. Version information: before 2.1.7.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-18461 CRITICAL POC
9.8 Oct 18

The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers t

CVE-2018-1002000 HIGH POC
7.2 Dec 03

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require ad

CVE-2023-47686 HIGH
8.8 Nov 16

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 ve

CVE-2018-1002009 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002008 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002007 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002006 MEDIUM POC
4.8 Dec 03

These vulnerabilities require administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability

CVE-2018-1002005 MEDIUM POC
4.8 Dec 03

These vulnerabilities require administrative privileges to exploit. Rated medium severity (CVSS 4.8), this vulnerability

CVE-2018-1002004 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002003 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002002 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

CVE-2018-1002001 MEDIUM POC
4.8 Dec 03

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability re

Share

CVE-2023-0543 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy