Cross-Site Scripting Vulnerability in BFT Autoresponder Plugin for WordPress
CVE-2018-1002006
4.8MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 3 December 2018
What is CVE-2018-1002006?
A Cross-Site Scripting (XSS) vulnerability exists in the BFT Autoresponder plugin for WordPress, allowing an attacker with administrative privileges to exploit the flaw. The vulnerability can be triggered through a malicious POST request that manipulates input variables in the integration-contact-form.html.php file. This flaw enables the execution of arbitrary scripts in the context of users who visit the affected site, potentially compromising user data and site integrity. It is essential for users and administrators to ensure their installations are updated and to apply necessary security measures.
Affected Version(s)
Arigato Autoresponder and Newsletter <= 2.5.1.8