WordPress Plugin Vulnerabilities

Arigato Autoresponder and Newsletter < 2.5.2 - Authenticated Blind SQL Injection & Multiple XSS

Description

The Arigato Autoresponder and Newsletter WordPress plugin was affected by an Authenticated Blind SQL Injection & Multiple XSS security vulnerability.

Affects Plugins

Plugin icon
bft-autoresponder
Fixed in 2.5.2

References

CVE
CVE-2018-1002000
CVE
CVE-2018-1002007
CVE
CVE-2018-1002008
CVE
CVE-2018-1002009
CVE
CVE-2018-1002001
CVE
CVE-2018-1002002
CVE
CVE-2018-1002003
CVE
CVE-2018-1002004
CVE
CVE-2018-1002005
CVE
CVE-2018-1002006
Exploitdb
45434
URL
http://www.vapidlabs.com/advisory.php?v=203
URL
https://plugins.trac.wordpress.org/changeset/1963802/bft-autoresponder

Miscellaneous

Original Researcher
Larry W. Cashdollar, @_larry0
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4067be90-c687-427b-8164-475bf3e20436

Timeline

Publicly Published
2018-12-04 (about 5 years ago)
Added
2018-12-04 (about 5 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2015-03-28
Title
Aspose.Words Exporter < 2.0 - Unauthenticated Arbitrary File Download
Published
2014-12-31
Title
twitterDash 2.1 - CSRF & XSS
Published
2019-07-23
Title
WPS Limit Login <= 1.4.5 - Multiple Issues
Published
2015-07-25
Title
Unite Gallery Lite < 1.5 - CSRF & Authenticated SQL Injection
Published
2014-12-09
Title
PWG R&om <= 1.11 - CSRF & XSS