Kibokolabs: >> Arigato Autoresponder And Newsletter Security Vulnerabilities
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-12-03
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-12-03
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
CVSS Score
9.8
EPSS Score
0.113
Published
2018-10-18
Page 2