Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Arigato_autoresponder_and_newsletter
(Kibokolabs)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-27 | CVE-2023-0543 | The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | Arigato_autoresponder_and_newsletter | 4.8 | ||
| 2023-04-07 | CVE-2023-25061 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions. | Arigato_autoresponder_and_newsletter | 5.4 | ||
| 2023-04-07 | CVE-2023-25020 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions. | Arigato_autoresponder_and_newsletter | 6.1 | ||
| 2023-04-07 | CVE-2023-25031 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions. | Arigato_autoresponder_and_newsletter | 4.8 | ||
| 2023-11-16 | CVE-2023-47686 | Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions. | Arigato_autoresponder_and_newsletter | 8.8 | ||
| 2018-10-18 | CVE-2018-18461 | The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php. | Arigato_autoresponder_and_newsletter | 9.8 |