CVE-2018-1002008

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Arigato Autoresponder And Newsletter
Vendor: CVE Published:; 3 December 2018

Summary

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.

Affected Version(s)

Arigato Autoresponder and Newsletter <= 2.5.1.8

References

https://www.exploit-db.com/exploits/45434/

exploitx_refsource_EXPLOIT-DB

https://wordpress.org/plugins/bft-autoresponder/

x_refsource_MISC

http://www.vapidlabs.com/advisory.php?v=203

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 3, 2018
Vulnerability Reserved
Dec 3, 2018

.