CVE-2018-1002000

HIGH

WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - SQL Injection

Title source: llm
STIX 2.1

Description

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.

Exploits (1)

exploitdb WRITEUP
by Larry W. Cashdollar · textwebappsphp
https://www.exploit-db.com/exploits/45434

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45434/
Exploit, Third Party Advisory x_refsource_misc
http://www.vapidlabs.com/advisory.php?v=203

Scores

CVSS v3 7.2
EPSS 0.0406
EPSS Percentile 88.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
kibokolabs/arigato_autoresponder_and_newsletter 2.5.1.8
Published Dec 03, 2018
Tracked Since Feb 18, 2026