Lucene search
China National Vulnerability DatabaseCNVD-2022-08361HistoryJan 23, 2022 - 12:00 a.m.
WordPress WP HTML Mail plugin cross-site scripting vulnerability
2022-01-2300:00:00
China National Vulnerability Database
www.cnvd.org.cn
20
wordpress
html mail
cross-site scripting
vulnerability
data validation
javascript code
php
mysql
EPSS
0.032
Percentile
91.4%
WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WP HTML Mail plugin in version 3.0.9 and earlier is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
Related
nuclei
nuclei
HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting
2022-01-24 08:47:01
cvelist
cvelist
CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route
2022-02-04 22:29:24
packetstorm
packetstorm
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting
2022-01-19 00:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Design/Logic Flaw
2022-02-04 23:15:00
cve
cve
CVE-2022-0218
2022-02-04 23:15:12
wpvulndb
wpvulndb
WP HTML Mail < 3.1 - Unprotected REST-API Endpoint
2022-01-19 00:00:00
patchstack
patchstack
threatpost
threatpost
20K WordPress Sites Exposed by Insecure Plugin REST-API
2022-01-21 18:19:37
wordfence
wordfence
nvd
nvd
CVE-2022-0218
2022-02-04 23:15:12
zdt
zdt
thn
thn
Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes
2022-01-22 07:13:00