Arigato Autoresponder
by WordPress
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18461 | Cri | 0.64 | 9.8 | 0.04 | Oct 18, 2018 | The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | ||
| CVE-2018-1002008 | Med | 0.34 | 4.8 | 0.03 | Dec 3, 2018 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. | ||
| CVE-2018-1002007 | Med | 0.34 | 4.8 | 0.03 | Dec 3, 2018 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. | ||
| CVE-2018-1002006 | Med | 0.34 | 4.8 | 0.03 | Dec 3, 2018 | These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes | ||
| CVE-2018-1002005 | Med | 0.34 | 4.8 | 0.03 | Dec 3, 2018 | These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. | ||
| CVE-2018-1002002 | Med | 0.34 | 4.8 | 0.03 | Dec 3, 2018 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | ||
| CVE-2018-1002001 | Med | 0.34 | 4.8 | 0.03 | Dec 3, 2018 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. |
- risk 0.64cvss 9.8epss 0.04
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
- risk 0.34cvss 4.8epss 0.03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
- risk 0.34cvss 4.8epss 0.03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
- risk 0.34cvss 4.8epss 0.03
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
- risk 0.34cvss 4.8epss 0.03
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
- risk 0.34cvss 4.8epss 0.03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
- risk 0.34cvss 4.8epss 0.03
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.