Arigato Autoresponder And Newsletter

arigato_autoresponder_and_newsletter

Vendor: Kibokolabs • 16 CVEs

CVEs (16)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-47686 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Nov 16, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions.
CVE-2023-25031 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Apr 7, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions.
CVE-2023-25020 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Apr 7, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
CVE-2023-25061 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Apr 7, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
CVE-2023-0543 1Kibokolabs 1Arigato Autoresponder And Newsletter Mar 11, 2025 Feb 27, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting atta...Show more The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.Show less
CVE-2018-1002009 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3...Show more There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.Show less
CVE-2018-1002008 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4:...Show more There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.Show less
CVE-2018-1002007 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-fo...Show more There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.Show less
CVE-2018-1002006 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
CVE-2018-1002005 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
CVE-2018-1002004 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
CVE-2018-1002003 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
CVE-2018-1002002 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
CVE-2018-1002001 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
CVE-2018-1002000 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Dec 3, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via th...Show more There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.Show less
CVE-2018-18461 1Kibokolabs 1Arigato Autoresponder And Newsletter Nov 21, 2024 Oct 18, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.