CVE-2018-1002000

2018-12-0316:00:00

larry_cashdollar

www.cve.org

7.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.

CNA Affected

[
  {
    "product": "Arigato Autoresponder and Newsletter",
    "vendor": "Kiboko Labs https://calendarscripts.info/",
    "versions": [
      {
        "lessThanOrEqual": "2.5.1.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]