CVE-2018-1002008 in Arigato Autoresponder
Summary
by MITRE
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
Analysis
by VulDB Data Team • 08/11/2025
The vulnerability identified as CVE-2018-1002008 represents a reflected cross-site scripting flaw within the WordPress Arigato Autoresponder and News letter plugin version 2.5.1.8. This security weakness resides in the list-user.html.php file where the offset parameter from GET requests is not properly sanitized or validated before being rendered in the web application's response. The vulnerability specifically targets the administrative interface of the plugin, requiring attackers to possess administrative privileges to successfully exploit the flaw.
This reflected XSS vulnerability operates by injecting malicious scripts into the web application through user-supplied input that is then reflected back to the user's browser. The offset variable in the GET request parameter serves as the attack vector, where an attacker can craft a malicious URL containing script code that gets executed when the administrative user accesses the vulnerable page. The vulnerability's classification aligns with CWE-79 which defines cross-site scripting as a security flaw that allows attackers to inject client-side scripts into web pages viewed by other users.
The operational impact of this vulnerability is significant within the context of WordPress security, as it provides a potential pathway for privilege escalation and further exploitation. Although exploitation requires administrative access, a successful attack could enable attackers to execute arbitrary code within the context of the administrative session. This could lead to complete compromise of the WordPress installation, data theft, or the ability to modify or delete content. The attack surface is limited to administrative users who access the specific list-user.html.php page, but this represents a critical security gap in the plugin's input validation mechanisms.
The exploitation of this vulnerability demonstrates a failure in the input sanitization and output encoding practices that are fundamental to web application security. According to the ATT&CK framework, this vulnerability could be leveraged as part of a broader attack chain under the technique T1059.007 for command and script injection, potentially leading to privilege escalation and persistence within the affected WordPress environment. Organizations using this plugin should immediately update to a patched version to prevent exploitation, as the vulnerability essentially provides a backdoor for attackers who have already gained administrative access. The security implications extend beyond immediate script execution, as this flaw could be used to harvest session cookies, redirect users to malicious sites, or facilitate further attacks on the underlying WordPress installation and its associated systems.
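The missing validation and output encoding described above, shown as a vulnerable pattern beside a hardened one. This is an added example in plain PHP, not the plugin's source code; the function names, the `page=list` query string and the sample request value are constructed for illustration.

```php
<?php
// Added example: hypothetical template code, not the plugin's actual source.

// Constructed request data: a non-numeric "offset" that carries markup.
$sample_query = ['offset' => '10"><i>injected</i>'];

// Vulnerable pattern: the raw GET value is concatenated into an HTML attribute.
function render_pager_vulnerable(array $query): string
{
    $offset = $query['offset'] ?? '0';
    return '<a href="?page=list&offset=' . $offset . '">next</a>';
}

// Hardened pattern: validate to the expected type, then encode on output.
function render_pager_hardened(array $query): string
{
    $raw = $query['offset'] ?? '0';

    // A paging offset is a non-negative integer; anything else (including
    // array-valued parameters such as offset[]=x) falls back to 0.
    // In WordPress code, absint() coerces a value to a non-negative integer.
    $offset = is_scalar($raw)
        ? filter_var($raw, FILTER_VALIDATE_INT, [
            'options' => ['default' => 0, 'min_range' => 0],
        ])
        : 0;

    // Encode for the HTML attribute context regardless of earlier validation,
    // so the output stays safe if the validation is later relaxed.
    // In WordPress code, esc_attr() or esc_url() is used at this point.
    $href = '?page=list&offset=' . $offset;
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">next</a>';
}

// The first line shows the markup breaking out of the attribute;
// the second shows the value rejected and the link encoded.
echo render_pager_vulnerable($sample_query), PHP_EOL;
echo render_pager_hardened($sample_query), PHP_EOL;
```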