CVE-2018-18461: Code Injection
First published: Thu Oct 18 2018(Updated: )
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kibokolabs Arigato Autoresponder And Newsletter | =2.5.1.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Arigato Autoresponder and Newsletter plugin?
The vulnerability ID for the Arigato Autoresponder and Newsletter plugin is CVE-2018-18461.
What is the CVE score for CVE-2018-18461?
CVE-2018-18461 has a severity score of 9.8 (Critical).
What is the affected software for CVE-2018-18461?
The affected software for CVE-2018-18461 is the Arigato Autoresponder and Newsletter plugin version 2.5.1.7 in WordPress.
How can remote attackers exploit CVE-2018-18461?
Remote attackers can exploit CVE-2018-18461 by executing arbitrary PHP code in attachments[] data to models/attachment.php.
Are there any references available for CVE-2018-18461?
Yes, you can find references for CVE-2018-18461 at the following links: [link1] [link2]
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/kibokolabs
- canonical/kibokolabs arigato autoresponder and newsletter
- version/kibokolabs arigato autoresponder and newsletter/2.5.1.7