CVEs-PoC/2018/CVE-2018-1002000.md

### [CVE-2018-1002000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002000)
![](https://img.shields.io/static/v1?label=Product&message=Arigato%20Autoresponder%20and%20Newsletter&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Blind%20SQL%20injection%20in%20WordPress%20Plugin%20Arigato%20Autoresponder%20and%20Newsletter%20v2.5.1.8&color=brightgreen)

### Description

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.

### POC

#### Reference
- https://www.exploit-db.com/exploits/45434/

#### Github
- https://github.com/20142995/nuclei-templates