CVE-2018-1002003 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002003
18 Sep 2018 — There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. • https://www.exploit-db.com/exploits/45434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-1002000 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-1002000
18 Sep 2018 — There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request. Existe una inyección SQL ciega en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Estas vulnerabilidades requieren privilegios de administrador para que se explote. Existe una vulnerabilidad de inyección SQL ciega explotable mediante la variable del... • https://www.exploit-db.com/exploits/45434 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •