First published: Mon Dec 03 2018(Updated: )
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
Credit: larry0@me.com
Affected Software | Affected Version | How to fix |
---|---|---|
Kibokolabs Arigato Autoresponder And Newsletter | =2.5.1.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this WordPress Arigato Autoresponder and News letter vulnerability is CVE-2018-1002007.
The severity of CVE-2018-1002007 is medium with a score of 4.8.
The affected software for CVE-2018-1002007 is Kibokolabs Arigato Autoresponder And Newsletter version 2.5.1.8.
This vulnerability can be exploited by sending a POST request with a malicious html_id parameter.
There are no known fixes or patches for CVE-2018-1002007. It is recommended to update to a patched version if available or consider alternative plugins.