First published: Mon Dec 03 2018
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
Credit: larry0@me.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kibokolabs Arigato Autoresponder And Newsletter | =2.5.1.8 | |
The severity of CVE-2018-1002004 is medium with a score of 4.8.
The reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 allows an attacker with administrative privileges to inject malicious code into a webpage, which is then executed by unsuspecting users.
An attacker with administrative privileges can exploit the reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 to perform actions on behalf of targeted users, steal sensitive information, or spread malware.
To fix the reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8, update the plugin to a version that has addressed the vulnerability or remove the plugin if it is no longer needed.
You can find more information about CVE-2018-1002004 at the following references:

- [1] http://www.vapidlabs.com/advisory.php?v=203
- [2] https://wordpress.org/plugins/bft-autoresponder/
- [3] https://www.exploit-db.com/exploits/45434/