cleantalk
Vulnerabilities and Security Researches

Arigato Autoresponder and Newsletter, CVE-2018-18461

CVE, Research URL

CVE-2018-18461

Home page URL

Security reports for Arigato Autoresponder and Newsletter

Application

Arigato Autoresponder and Newsletter

Published on
Oct 18, 2018
Research Description
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
Affected versions
Min -, max 2.5.2.
Status
vulnerable
Previous vulnerability researches
Arigato Autoresponder and Newsletter (CVE-2018-1002003) , Jun 07, 2024
Arigato Autoresponder and Newsletter (CVE-2018-1002005) , Jun 07, 2024
Arigato Autoresponder and Newsletter (CVE-2018-1002006) , Jun 07, 2024
Arigato Autoresponder and Newsletter (CVE-2018-1002007) , Jun 07, 2024
Arigato Autoresponder and Newsletter (CVE-2018-1002001) , Jun 07, 2024
New vulnerability
Themesflat Addons For Elementor (CVE-2025-3275) , Apr 20, 2025
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025