WordPress · Arigato Autoresponder/Newsletter · CVE-2023-0543
**Name of the Vulnerable Software and Affected Versions**
Arigato Autoresponder and Newsletter WordPress plugin versions prior to 2.1.7.2
**Description**
The issue concerns the Arigato Autoresponder and Newsletter WordPress plugin, where certain settings are not properly sanitized and escaped. This could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed.
**Recommendations**
For versions prior to 2.1.7.2, update to version 2.1.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high-privilege users until the update is applied.