CVE-2018-1002008

MEDIUM

WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1002008. PoCs published by Larry W. Cashdollar.

AI-analyzed exploit summary The document describes multiple vulnerabilities (SQLi and XSS) in the WordPress plugin Arigato Autoresponder and Newsletter v2.5, including a blind SQL injection via the 'del_ids' parameter and nine reflected XSS vulnerabilities. It provides details on the vulnerable code lines and includes an example of using sqlmap to exploit the SQL injection.

Description

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.

Exploits (1)

exploitdb WRITEUP

by Larry W. Cashdollar · textwebappsphp

https://www.exploit-db.com/exploits/45434

View Code ZIP pw:eip

The document describes multiple vulnerabilities (SQLi and XSS) in the WordPress plugin Arigato Autoresponder and Newsletter v2.5, including a blind SQL injection via the 'del_ids' parameter and nine reflected XSS vulnerabilities. It provides details on the vulnerable code lines and includes an example of using sqlmap to exploit the SQL injection.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin Arigato Autoresponder and Newsletter v2.5

Auth required

Prerequisites: Administrative privileges in the WordPress plugin · Access to the vulnerable endpoints

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45434/

Product x_refsource_misc

https://wordpress.org/plugins/bft-autoresponder/

Exploit, Third Party Advisory x_refsource_misc

http://www.vapidlabs.com/advisory.php?v=203

Scores

CVSS v3 4.8

EPSS 0.0258

EPSS Percentile 83.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

kibokolabs/arigato_autoresponder_and_newsletter 2.5.1.8

Published Dec 03, 2018

Tracked Since Feb 18, 2026