First published: Mon Dec 03 2018(Updated: )
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
Credit: larry0@me.com
Affected Software | Affected Version | How to fix |
---|---|---|
Kibokolabs Arigato Autoresponder And Newsletter | >=2.5.0<2.5.1.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2018-1002006.
The severity of CVE-2018-1002006 is medium.
The software affected by CVE-2018-1002006 is Kibokolabs Arigato Autoresponder And Newsletter version 2.5.0 to 2.5.1.5 for WordPress.
CVE-2018-1002006 can be exploited by an attacker with administrative privileges through a POST request variable in integration-contact-form.html.php:14.
Yes, you can find more information on CVE-2018-1002006 at the following links: [http://www.vapidlabs.com/advisory.php?v=203](http://www.vapidlabs.com/advisory.php?v=203), [https://wordpress.org/plugins/bft-autoresponder/](https://wordpress.org/plugins/bft-autoresponder/), [https://www.exploit-db.com/exploits/45434/](https://www.exploit-db.com/exploits/45434/).