Arigato Autoresponder and Newsletter < 2.7.1.1 – Unauthenticated Stored XSS | CVE 2023-25020

Affects Plugins

bft-autoresponder

Fixed in 2.7.1.1

References

CVE

CVE-2023-25020

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

8.8 (high)

Miscellaneous

Original Researcher

Rafshanzani Suhada

Verified

No

WPVDB ID

5d79f3c4-ddb6-48e9-825c-fd80ff6b888a

Timeline

Publicly Published

2023-02-06 (about 3 years ago)

Added

2023-04-10 (about 3 years ago)

Last Updated

2023-04-10 (about 3 years ago)

Other

Published

Title

Published

2023-01-13

Title

alfred24 Click & Collect <= 1.1.7 - Admin+ Stored XSS

Published

2015-06-24

Title

Nextend Facebook Connect < 1.5.6 - Reflected Cross-Site Scripting (XSS)

Published

2026-01-05

Title

URL Image Importer < 1.0.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Published

2025-04-29

Title

Total Donations <= 3.0.8 - Unauthenticated Stored Cross-Site Scripting

Published

2023-07-05

Title

BadgeOS <= 3.7.1.6 - Contributor+ Stored Cross-Site Scripting