CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12345 – Hostel <= 1.1.3 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12345
XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. Existe Cross-Site Scripting (XSS) en el plugin Kiboko Hostel en versiones anteriores a la 1.1.4 para WordPress. The Hostel Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'contact_name' and 'contact_phone' parameters in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wordpress.org/plugins/hostel/#developers https://wpvulndb.com/vulnerabilities/9289 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-18461 – Arigato Autoresponder and Newsletter <= 2.7 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2018-18461
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. El plugin Arigato Autoresponder and Newsletter (también conocido como bft-autoresponder) v2.5.1.7 para WordPress permite que atacantes remotos ejecuten código arbitrario mediante código PHP en los datos attachments[] en models/attachment.php. The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.This plugin does not appear to be patched based on our review. • https://github.com/rakjong/vuln/blob/master/woedpress-Arigato%20Autoresponder_and_Newsletter-getshell.pdf https://wordpress.org/plugins/bft-autoresponder/#developers • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002005 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002005
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. Esta vulnerabilidad requiere privilegios de administrador para que se explote. Existe una vulnerabilidad Cross-Site Scripting (XSS) en bft_list.html.php:43: mediante el parámetro filter_signup_date. • https://www.exploit-db.com/exploits/45434 http://www.vapidlabs.com/advisory.php?v=203 https://wordpress.org/plugins/bft-autoresponder • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002008 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002008
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. Existe una vulnerabilidad Cross-Site Scripting (XSS) en list-user.html.php:4: mediante la variable offset de las peticiones GET. • https://www.exploit-db.com/exploits/45434 http://www.vapidlabs.com/advisory.php?v=203 https://wordpress.org/plugins/bft-autoresponder • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1002001 – Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-1002001
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en WordPress Arigato Autoresponder y Newsletter v2.5.1.8. Esta vulnerabilidad requiere privilegios de administrador para que se explote. WordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/45434 http://www.vapidlabs.com/advisory.php?v=203 https://wordpress.org/plugins/bft-autoresponder • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •