Kibokolabs Arigato Autoresponder And Newsletter vulnerabilities
16 known vulnerabilities affecting kibokolabs/arigato_autoresponder_and_newsletter.
Total CVEs: 16
CISA KEV: 0
Public exploits: 10
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 13
Vulnerabilities
CVE-2018-1002000 | P3 | HIGH | CVSS 7.2 | CWE-89 | PoC | v2.5.1.8 | 2018-12-03
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
nvd
CVE-2018-18461 | P3 | CRITICAL | CVSS 9.8 | CWE-94 | v2.5.1.7 | 2018-10-18
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
nvd
CVE-2018-1002005 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | ≥ 2.5.0, < 2.5.1.5 | 2018-12-03
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43 via the filter_signup_date parameter.
nvd
CVE-2018-1002001 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | v2.5.1.8 | 2018-12-03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
nvd
CVE-2018-1002003 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | v2.5.1.8 | 2018-12-03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
nvd
CVE-2018-1002004 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | v2.5.1.8 | 2018-12-03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
nvd
CVE-2018-1002002 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | v2.5.1.8 | 2018-12-03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
nvd
CVE-2018-1002007 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | v2.5.1.8 | 2018-12-03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15 via the POST request variable html_id.
nvd
CVE-2018-1002006 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | ≥ 2.5.0, < 2.5.1.5 | 2018-12-03
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14 via the POST request variable classes.
nvd
CVE-2018-1002009 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | v2.5.1.8 | 2018-12-03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3 via a GET request to the email variable.
nvd
CVE-2018-1002008 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | PoC | v2.5.1.8 | 2018-12-03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4 via the GET request offset variable.
nvd
CVE-2023-47686 | P4 | HIGH | CVSS 8.8 | CWE-352 | ≤ 2.7.2.2 | 2023-11-16
Cross-Site Request Forgery (CSRF) vulnerability in the Kiboko Labs Arigato Autoresponder and Newsletter plugin, versions <= 2.7.2.2.
nvd
CVE-2023-25020 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 2.7.1.1 | 2023-04-07
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in the Kiboko Labs Arigato Autoresponder and Newsletter plugin, versions <= 2.7.1.1.
nvd
CVE-2023-25061 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 2.7.1.1 | 2023-04-07
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in the Kiboko Labs Arigato Autoresponder and Newsletter plugin, versions <= 2.7.1.1.
nvd
CVE-2023-0543 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 2.1.7.2 | 2023-02-27
The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
nvd
CVE-2023-25031 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≤ 2.7.1 | 2023-04-07
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Kiboko Labs Arigato Autoresponder and Newsletter plugin, versions <= 2.7.1.
nvd