Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Arigato_autoresponder_and_newsletter
(Kibokolabs)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-27 | CVE-2023-0543 | The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | Arigato_autoresponder_and_newsletter | 4.8 | ||
| 2023-04-07 | CVE-2023-25061 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions. | Arigato_autoresponder_and_newsletter | 5.4 | ||
| 2023-04-07 | CVE-2023-25020 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions. | Arigato_autoresponder_and_newsletter | 6.1 | ||
| 2023-04-07 | CVE-2023-25031 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions. | Arigato_autoresponder_and_newsletter | 4.8 | ||
| 2023-11-16 | CVE-2023-47686 | Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions. | Arigato_autoresponder_and_newsletter | 8.8 | ||
| 2018-10-18 | CVE-2018-18461 | The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | Arigato_autoresponder_and_newsletter | 9.8 | ||
| 2018-12-03 | CVE-2018-1002009 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable. | Arigato_autoresponder_and_newsletter | 4.8 | ||
| 2018-12-03 | CVE-2018-1002008 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. | Arigato_autoresponder_and_newsletter | 4.8 | ||
| 2018-12-03 | CVE-2018-1002007 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. | Arigato_autoresponder_and_newsletter | 4.8 | ||
| 2018-12-03 | CVE-2018-1002006 | These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes | Arigato_autoresponder_and_newsletter | 4.8 |