CVE-2018-1002000

high

Description

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.

References

https://www.exploit-db.com/exploits/45434/

https://wordpress.org/plugins/bft-autoresponder/

http://www.vapidlabs.com/advisory.php?v=203

Details

Source: Mitre, NVD

Published: 2018-12-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.10666