PT-2018-9608 · WordPress · Wordpress Arigato Autoresponder/News Letter

Larry W. Cashdollar +1 · Published 2018-12-03 · Updated 2018-12-27 · CVE-2018-1002000

CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WordPress Arigato Autoresponder and Newsletter version 2.5.1.8
Description: A blind SQL injection vulnerability can be exploited via the del_ids variable by sending a POST request. Exploitation requires administrative privileges.
Recommendations: For WordPress Arigato Autoresponder and Newsletter version 2.5.1.8, consider restricting access to the del_ids variable to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the del_ids variable in POST requests to prevent potential SQL injection attacks.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2018-1002000

Affected Products

Wordpress Arigato Autoresponder/News Letter