Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for arigato_autoresponder_and_newsletter by kibokolabs

    CVE-2023-47686 (GCVE-0-2023-47686)

    Vulnerability from nvd – Published: 2023-11-16 22:44 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kiboko Labs Arigato Autoresponder and Newsletter Affected: n/a , ≤ 2.7.2.2 (custom)
    Create a notification for this product.
    Credits
    Nguyen Xuan Chien (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:16:43.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47686",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T14:08:37.717518Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T14:10:05.713Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "bft-autoresponder",
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.7.2.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.7.2.2",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Nguyen Xuan Chien (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.7.2.2 versions.\u003c/span\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u00a02.7.2.2 versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:51.132Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a02.7.2.3 or a higher version."
                }
              ],
              "value": "Update to\u00a02.7.2.3 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Arigato Autoresponder and Newsletter Plugin \u003c= 2.7.2.2 is vulnerable to Cross Site Request Forgery (CSRF)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-47686",
        "datePublished": "2023-11-16T22:44:51.127Z",
        "dateReserved": "2023-11-08T16:08:15.190Z",
        "dateUpdated": "2026-04-28T16:08:51.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-25031 (GCVE-0-2023-25031)

    Vulnerability from nvd – Published: 2023-04-07 11:01 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
    Summary
    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kiboko Labs Arigato Autoresponder and Newsletter Affected: n/a , ≤ 2.7.1 (custom)
    Create a notification for this product.
    Credits
    Rafshanzani Suhada (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-cross-site-scripting-xss?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25031",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T17:43:04.698746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T18:59:09.356Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "bft-autoresponder",
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.7.1.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.7.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Rafshanzani Suhada (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.7.1 versions.\u003c/span\u003e"
                }
              ],
              "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u00a02.7.1 versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:06.769Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-cross-site-scripting-xss?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a02.7.1.1 or a higher version."
                }
              ],
              "value": "Update to\u00a02.7.1.1 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Arigato Autoresponder and Newsletter Plugin \u003c= 2.7.1 is vulnerable to Cross Site Scripting (XSS)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-25031",
        "datePublished": "2023-04-07T11:01:41.539Z",
        "dateReserved": "2023-02-02T09:58:49.593Z",
        "dateUpdated": "2026-04-28T16:08:06.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-25020 (GCVE-0-2023-25020)

    Vulnerability from nvd – Published: 2023-04-07 11:08 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)
    Summary
    Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kiboko Labs Arigato Autoresponder and Newsletter Affected: n/a , ≤ 2.7.1.1 (custom)
    Create a notification for this product.
    Credits
    Rafshanzani Suhada (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-1-cross-site-scripting-xss-2?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T17:43:01.769671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T18:58:53.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "bft-autoresponder",
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.7.1.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.7.1.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Rafshanzani Suhada (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.7.1.1 versions.\u003c/span\u003e"
                }
              ],
              "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u00a02.7.1.1 versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:06.528Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-1-cross-site-scripting-xss-2?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a02.7.1.2 or a higher version."
                }
              ],
              "value": "Update to\u00a02.7.1.2 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Arigato Autoresponder and Newsletter Plugin \u003c= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-25020",
        "datePublished": "2023-04-07T11:08:01.901Z",
        "dateReserved": "2023-02-02T09:58:48.539Z",
        "dateUpdated": "2026-04-28T16:08:06.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-25061 (GCVE-0-2023-25061)

    Vulnerability from nvd – Published: 2023-04-07 08:35 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)
    Summary
    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kiboko Labs Arigato Autoresponder and Newsletter Affected: n/a , ≤ 2.7.1.1 (custom)
    Create a notification for this product.
    Credits
    Rafshanzani Suhada (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:44.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-1-cross-site-scripting-xss?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25061",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T13:41:23.728989Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:44:51.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "bft-autoresponder",
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.7.1.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.7.1.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Rafshanzani Suhada (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.7.1.1 versions.\u003c/span\u003e"
                }
              ],
              "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u00a02.7.1.1 versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:07.604Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-1-cross-site-scripting-xss?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a02.7.1.2 or a higher version."
                }
              ],
              "value": "Update to\u00a02.7.1.2 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Arigato Autoresponder and Newsletter Plugin \u003c= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-25061",
        "datePublished": "2023-04-07T08:35:04.435Z",
        "dateReserved": "2023-02-02T09:58:52.946Z",
        "dateUpdated": "2026-04-28T16:08:07.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0543 (GCVE-0-2023-0543)

    Vulnerability from nvd – Published: 2023-02-27 15:24 – Updated: 2025-03-11 19:20
    VLAI
    Title
    Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS
    Summary
    The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/e3771938-40b5-4e… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Arigato Autoresponder and Newsletter Affected: 0 , < 2.1.7.2 (custom)
    Create a notification for this product.
    Credits
    Felipe Restrepo Rodriguez Joaquin Pochat y Gabriel Calle WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:49.592Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e3771938-40b5-4e8b-bb5a-847131a2b4a7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0543",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T19:19:12.464364Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T19:20:05.043Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.1.7.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Felipe Restrepo Rodriguez"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Joaquin Pochat y Gabriel Calle"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T15:24:34.100Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/e3771938-40b5-4e8b-bb5a-847131a2b4a7"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Arigato Autoresponder and Newsletter \u003c 2.1.7.2 - Admin+ Stored XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-0543",
        "datePublished": "2023-02-27T15:24:34.100Z",
        "dateReserved": "2023-01-27T12:24:40.397Z",
        "dateUpdated": "2025-03-11T19:20:05.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002009 (GCVE-0-2018-1002009)

    Vulnerability from nvd – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002009",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002009",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002008 (GCVE-0-2018-1002008)

    Vulnerability from nvd – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002008",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002008",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002007 (GCVE-0-2018-1002007)

    Vulnerability from nvd – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.528Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002007",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002007",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002006 (GCVE-0-2018-1002006)

    Vulnerability from nvd – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
    Severity
    No CVSS data available.
    CWE
    • Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002006",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002006",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002005 (GCVE-0-2018-1002005)

    Vulnerability from nvd – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
    Severity
    No CVSS data available.
    CWE
    • Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002005",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002005",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002004 (GCVE-0-2018-1002004)

    Vulnerability from nvd – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:56.996Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002004",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002004",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:56.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002003 (GCVE-0-2018-1002003)

    Vulnerability from nvd – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002003",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002003",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002002 (GCVE-0-2018-1002002)

    Vulnerability from nvd – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
    Severity
    No CVSS data available.
    CWE
    • Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.502Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002002",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002002",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.502Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002001 (GCVE-0-2018-1002001)

    Vulnerability from nvd – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.283Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002001",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002001",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002000 (GCVE-0-2018-1002000)

    Vulnerability from nvd – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
    Severity
    No CVSS data available.
    CWE
    • Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002000",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002000",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-47686 (GCVE-0-2023-47686)

    Vulnerability from cvelistv5 – Published: 2023-11-16 22:44 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kiboko Labs Arigato Autoresponder and Newsletter Affected: n/a , ≤ 2.7.2.2 (custom)
    Create a notification for this product.
    Credits
    Nguyen Xuan Chien (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:16:43.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-47686",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-12T14:08:37.717518Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T14:10:05.713Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "bft-autoresponder",
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.7.2.3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.7.2.2",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Nguyen Xuan Chien (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.7.2.2 versions.\u003c/span\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u00a02.7.2.2 versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:51.132Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a02.7.2.3 or a higher version."
                }
              ],
              "value": "Update to\u00a02.7.2.3 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Arigato Autoresponder and Newsletter Plugin \u003c= 2.7.2.2 is vulnerable to Cross Site Request Forgery (CSRF)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-47686",
        "datePublished": "2023-11-16T22:44:51.127Z",
        "dateReserved": "2023-11-08T16:08:15.190Z",
        "dateUpdated": "2026-04-28T16:08:51.132Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-25020 (GCVE-0-2023-25020)

    Vulnerability from cvelistv5 – Published: 2023-04-07 11:08 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)
    Summary
    Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kiboko Labs Arigato Autoresponder and Newsletter Affected: n/a , ≤ 2.7.1.1 (custom)
    Create a notification for this product.
    Credits
    Rafshanzani Suhada (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-1-cross-site-scripting-xss-2?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25020",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T17:43:01.769671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T18:58:53.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "bft-autoresponder",
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.7.1.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.7.1.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Rafshanzani Suhada (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.7.1.1 versions.\u003c/span\u003e"
                }
              ],
              "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u00a02.7.1.1 versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:06.528Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-1-cross-site-scripting-xss-2?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a02.7.1.2 or a higher version."
                }
              ],
              "value": "Update to\u00a02.7.1.2 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Arigato Autoresponder and Newsletter Plugin \u003c= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-25020",
        "datePublished": "2023-04-07T11:08:01.901Z",
        "dateReserved": "2023-02-02T09:58:48.539Z",
        "dateUpdated": "2026-04-28T16:08:06.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-25031 (GCVE-0-2023-25031)

    Vulnerability from cvelistv5 – Published: 2023-04-07 11:01 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
    Summary
    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kiboko Labs Arigato Autoresponder and Newsletter Affected: n/a , ≤ 2.7.1 (custom)
    Create a notification for this product.
    Credits
    Rafshanzani Suhada (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-cross-site-scripting-xss?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25031",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T17:43:04.698746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T18:59:09.356Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "bft-autoresponder",
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.7.1.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.7.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Rafshanzani Suhada (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.7.1 versions.\u003c/span\u003e"
                }
              ],
              "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u00a02.7.1 versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:06.769Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-cross-site-scripting-xss?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a02.7.1.1 or a higher version."
                }
              ],
              "value": "Update to\u00a02.7.1.1 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Arigato Autoresponder and Newsletter Plugin \u003c= 2.7.1 is vulnerable to Cross Site Scripting (XSS)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-25031",
        "datePublished": "2023-04-07T11:01:41.539Z",
        "dateReserved": "2023-02-02T09:58:49.593Z",
        "dateUpdated": "2026-04-28T16:08:06.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-25061 (GCVE-0-2023-25061)

    Vulnerability from cvelistv5 – Published: 2023-04-07 08:35 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)
    Summary
    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kiboko Labs Arigato Autoresponder and Newsletter Affected: n/a , ≤ 2.7.1.1 (custom)
    Create a notification for this product.
    Credits
    Rafshanzani Suhada (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:44.228Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-1-cross-site-scripting-xss?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25061",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T13:41:23.728989Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:44:51.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "bft-autoresponder",
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.7.1.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.7.1.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Rafshanzani Suhada (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.7.1.1 versions.\u003c/span\u003e"
                }
              ],
              "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin \u003c=\u00a02.7.1.1 versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:07.604Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-1-1-cross-site-scripting-xss?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a02.7.1.2 or a higher version."
                }
              ],
              "value": "Update to\u00a02.7.1.2 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Arigato Autoresponder and Newsletter Plugin \u003c= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-25061",
        "datePublished": "2023-04-07T08:35:04.435Z",
        "dateReserved": "2023-02-02T09:58:52.946Z",
        "dateUpdated": "2026-04-28T16:08:07.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0543 (GCVE-0-2023-0543)

    Vulnerability from cvelistv5 – Published: 2023-02-27 15:24 – Updated: 2025-03-11 19:20
    VLAI
    Title
    Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS
    Summary
    The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/e3771938-40b5-4e… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Arigato Autoresponder and Newsletter Affected: 0 , < 2.1.7.2 (custom)
    Create a notification for this product.
    Credits
    Felipe Restrepo Rodriguez Joaquin Pochat y Gabriel Calle WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:17:49.592Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e3771938-40b5-4e8b-bb5a-847131a2b4a7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0543",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T19:19:12.464364Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T19:20:05.043Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.1.7.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Felipe Restrepo Rodriguez"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Joaquin Pochat y Gabriel Calle"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-27T15:24:34.100Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/e3771938-40b5-4e8b-bb5a-847131a2b4a7"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Arigato Autoresponder and Newsletter \u003c 2.1.7.2 - Admin+ Stored XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-0543",
        "datePublished": "2023-02-27T15:24:34.100Z",
        "dateReserved": "2023-01-27T12:24:40.397Z",
        "dateUpdated": "2025-03-11T19:20:05.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002001 (GCVE-0-2018-1002001)

    Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.283Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002001",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002001",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002007 (GCVE-0-2018-1002007)

    Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.528Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002007",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002007",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.528Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002002 (GCVE-0-2018-1002002)

    Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
    Severity
    No CVSS data available.
    CWE
    • Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.502Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002002",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002002",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.502Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002005 (GCVE-0-2018-1002005)

    Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
    Severity
    No CVSS data available.
    CWE
    • Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002005",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002005",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002003 (GCVE-0-2018-1002003)

    Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002003",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002003",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002006 (GCVE-0-2018-1002006)

    Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
    Severity
    No CVSS data available.
    CWE
    • Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002006",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002006",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002000 (GCVE-0-2018-1002000)

    Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
    Severity
    No CVSS data available.
    CWE
    • Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002000",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Blind SQL injection in WordPress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002000",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002008 (GCVE-0-2018-1002008)

    Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002008",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002008",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002009 (GCVE-0-2018-1002009)

    Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:57.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002009",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002009",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:57.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1002004 (GCVE-0-2018-1002004)

    Vulnerability from cvelistv5 – Published: 2018-12-03 16:00 – Updated: 2024-08-05 12:47
    VLAI
    Summary
    There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
    Severity
    No CVSS data available.
    CWE
    • reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8
    Assigner
    References
    Impacted products
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:47:56.996Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45434",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45434/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/bft-autoresponder/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.vapidlabs.com/advisory.php?v=203"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Arigato Autoresponder and Newsletter",
              "vendor": "Kiboko Labs https://calendarscripts.info/",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-08-22T00:00:00.000Z",
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-04T10:57:01.000Z",
            "orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
            "shortName": "larry_cashdollar"
          },
          "references": [
            {
              "name": "45434",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45434/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/bft-autoresponder/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.vapidlabs.com/advisory.php?v=203"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "larry0@me.com",
              "DATE_ASSIGNED": "2018-08-22",
              "ID": "CVE-2018-1002004",
              "REQUESTER": "kurt@seifried.org",
              "STATE": "PUBLIC",
              "UPDATED": "2017-08-10T14:41Z"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Arigato Autoresponder and Newsletter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.5.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kiboko Labs https://calendarscripts.info/"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45434",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45434/"
                },
                {
                  "name": "https://wordpress.org/plugins/bft-autoresponder/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/bft-autoresponder/"
                },
                {
                  "name": "http://www.vapidlabs.com/advisory.php?v=203",
                  "refsource": "MISC",
                  "url": "http://www.vapidlabs.com/advisory.php?v=203"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
        "assignerShortName": "larry_cashdollar",
        "cveId": "CVE-2018-1002004",
        "datePublished": "2018-12-03T16:00:00.000Z",
        "dateReserved": "2018-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:47:56.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }