cleantalk
Vulnerabilities and Security Researches

Arigato Autoresponder and Newsletter, CVE-2018-18461

CVE, Research URL

CVE-2018-18461

Home page URL

Security reports for Arigato Autoresponder and Newsletter

Application

Arigato Autoresponder and Newsletter

Published on
Oct 18, 2018
Research Description
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
Affected versions
Min -, max 2.5.2.
Status
vulnerable
Previous vulnerability researches
Arigato Autoresponder and Newsletter (CVE-2018-1002003) , Jun 07, 2024
Arigato Autoresponder and Newsletter (CVE-2018-1002005) , Jun 07, 2024
Arigato Autoresponder and Newsletter (CVE-2018-1002006) , Jun 07, 2024
Arigato Autoresponder and Newsletter (CVE-2018-1002007) , Jun 07, 2024
Arigato Autoresponder and Newsletter (CVE-2018-1002001) , Jun 07, 2024
New vulnerability
Redis Object Cache , Sep 17, 2025
Zakra (CVE-2025-8595) , Sep 15, 2025
PDF Embedder , Sep 11, 2025
Pixeline's Email Protector (CVE-2025-58982) , Sep 11, 2025
Include Me (CVE-2025-58983) , Sep 11, 2025