CVE-2018-1002005: XSS
First published: Mon Dec 03 2018(Updated: )
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
Credit: larry0@me.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kibokolabs Arigato Autoresponder And Newsletter | >=2.5.0<2.5.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1002005?
CVE-2018-1002005 is a vulnerability that requires administrative privileges to exploit and is an XSS vulnerability in bft_list.html.php:43 via the filter_signup_date parameter.
How severe is CVE-2018-1002005?
CVE-2018-1002005 has a severity rating of medium with a value of 4.8.
What software is affected by CVE-2018-1002005?
The Kibokolabs Arigato Autoresponder And Newsletter plugin for WordPress version 2.5.0 to 2.5.1.5 is affected by CVE-2018-1002005.
How can I fix CVE-2018-1002005?
To fix CVE-2018-1002005, update the Kibokolabs Arigato Autoresponder And Newsletter plugin to a version beyond 2.5.1.5.
Where can I find more information about CVE-2018-1002005?
More information about CVE-2018-1002005 can be found at the following references: http://www.vapidlabs.com/advisory.php?v=203, https://wordpress.org/plugins/bft-autoresponder/, and https://www.exploit-db.com/exploits/45434/
- collector/nvd-index
- vendor/kibokolabs
- canonical/kibokolabs arigato autoresponder and newsletter
- version/kibokolabs arigato autoresponder and newsletter/2.5.0