Vulnerability Details CVE-2018-18461
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.113
EPSS Ranking 93.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/rakjong/vuln/blob/master/woedpress-Arigato%20Autoresponder_and_Newsletter-getshell.pdf
- https://wordpress.org/plugins/bft-autoresponder/#developers
- https://github.com/rakjong/vuln/blob/master/woedpress-Arigato%20Autoresponder_and_Newsletter-getshell.pdf
- https://wordpress.org/plugins/bft-autoresponder/#developers
Products affected by CVE-2018-18461
-
cpe:2.3:a:kibokolabs:arigato_autoresponder_and_newsletter:2.5.1.7