First published: Mon Dec 03 2018
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. The XSS is at unsubscribe.html.php:3, via a GET request to the email variable.
Credit: larry0@me.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kibokolabs Arigato Autoresponder And Newsletter | =2.5.1.8 | |
The CVE ID of this vulnerability is CVE-2018-1002009.
The severity of CVE-2018-1002009 is medium (4.8).
WordPress Arigato Autoresponder and Newsletter v2.5.1.8 is affected by CVE-2018-1002009.
The vulnerability can be exploited by sending a GET request to the email variable in unsubscribe.html.php.
Yes, administrative privileges are required to exploit CVE-2018-1002009.
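
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or the plugin's code: it scans web access logs for GET requests whose `email` parameter is not a plain address or carries HTML metacharacters, including double-encoded ones. The log lines, the `page=PLACEHOLDER` path and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in combined log format; addresses, paths and values are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Dec/2018:10:00:01 +0000] "GET /wp-admin/admin.php?page=PLACEHOLDER&email=alice%40example.com HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Dec/2018:10:00:09 +0000] "GET /wp-admin/admin.php?page=PLACEHOLDER&email=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '198.51.100.9 - - [03/Dec/2018:10:01:30 +0000] "GET /wp-admin/admin.php?page=PLACEHOLDER&email=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 530',
    '198.51.100.9 - - [03/Dec/2018:10:02:00 +0000] "POST /wp-admin/admin.php?page=PLACEHOLDER HTTP/1.1" 302 0',
]

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HTML_META = set("<>\"'")


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_email_params(lines):
    """Return (line_no, decoded_value) for GET requests whose `email` value
    is not a plain address or carries HTML metacharacters."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        m = REQUEST.search(line)
        if not m or m.group("method") != "GET":
            continue  # the advisory describes a GET request only
        query = urlsplit(m.group("target")).query
        # parse_qs performs the first round of percent-decoding
        for raw in parse_qs(query, keep_blank_values=True).get("email", []):
            value = fully_decode(raw)
            if HTML_META & set(value) or not EMAIL.fullmatch(value):
                hits.append((line_no, value))
    return hits


if __name__ == "__main__":
    for line_no, value in suspicious_email_params(SAMPLE_LOG):
        print(f"line {line_no}: email={value!r}")
```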