Reflected XSS Vulnerability in WordPress Arigato Autoresponder Plugin
CVE-2018-1002001
4.8MEDIUM
Key Information:
- Vendor
- Wordpress
- Vendor
- CVE Published:
- 3 December 2018
Summary
A reflected Cross-Site Scripting (XSS) vulnerability exists in the WordPress Arigato Autoresponder plugin, specifically in version 2.5.1.8. This issue allows an attacker with administrative privileges to inject malicious scripts into web responses, potentially leading to unauthorized actions and exposure of sensitive information. Exploitation requires user interaction, making awareness and secure practices crucial for administrators.
Affected Version(s)
Arigato Autoresponder and Newsletter <= 2.5.1.8
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved