First published: Mon Dec 03 2018(Updated: )
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
Credit: larry0@me.com
Affected Software | Affected Version | How to fix |
---|---|---|
Kibokolabs Arigato Autoresponder And Newsletter | >=2.5.0<2.5.1.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-1002005 is a vulnerability that requires administrative privileges to exploit and is an XSS vulnerability in bft_list.html.php:43 via the filter_signup_date parameter.
CVE-2018-1002005 has a severity rating of medium with a value of 4.8.
The Kibokolabs Arigato Autoresponder And Newsletter plugin for WordPress version 2.5.0 to 2.5.1.5 is affected by CVE-2018-1002005.
To fix CVE-2018-1002005, update the Kibokolabs Arigato Autoresponder And Newsletter plugin to a version beyond 2.5.1.5.
More information about CVE-2018-1002005 can be found at the following references: http://www.vapidlabs.com/advisory.php?v=203, https://wordpress.org/plugins/bft-autoresponder/, and https://www.exploit-db.com/exploits/45434/