ThreatPress

WordPress Vulnerabilities Database

WordPress Arigato Autoresponder and Newsletter plugin <= 2.5.1.8 - Authenticated Blind SQL Injection (SQLi) vulnerability

Product
Arigato Autoresponder and Newsletter
Description
Authenticated Blind SQL Injection (SQLi) vulnerability found by Larry W. Cashdollar in WordPress Arigato Autoresponder and Newsletter plugin (versions <= 2.5.1.8).
Solution
Update the WordPress Arigato Autoresponder and Newsletter plugin to the latest available version (at least 2.5.2).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-2018-1002000
Versions
Affected In <= 2.5.1.8
Fixed In 2.5.2
Disclosure date
2018-12-04
Credits
Larry W. Cashdollar
Submitter
ThreatPress