CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002009 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002009
18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. Existe una vulnerabilidad Cross-Site Scripting (XSS... • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002001 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002001
18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002003 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002003
18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002000 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-1002000
18 Sep 2018 — There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request. Existe una inyección SQL ciega en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Estas vulnerabilidades requieren privilegios de administrador para que se explote. Existe una vulnerabilidad de inyección SQL ciega explotable mediante la variable del... • https://www.exploit-db.com/exploits/45434 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002005 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002005
18 Sep 2018 — These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. Esta vulnerabilidad requiere privilegios de administrador para que se explote. Existe una vulnerabilidad Cross-Site Scripting (XSS) en bft_list.html.php:43: mediante el parámetro filter_signup_date. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002006 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002006
18 Sep 2018 — These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes Esta vulnerabilidad requiere privilegios de administrador para que se explote. Existe una vulnerabilidad Cross-Site Scripting (XSS) en integration-contact-form.html.php:14: mediante la variable de petición POST classes. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •