nuclei / ProjectDiscovery / NUCLEI:CVE-2022-0218
Jan 24, 2022 - 8:47 a.m.

HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting

2022-01-24 08:47:01
ProjectDiscovery
github.com
Tags: cve2022, wordpress, wp-plugin, xss, codemiq, rest-api, vulnerability

CVSS2: 4.3
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 8.3
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: LOW
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

EPSS: 0.032
  Percentile: 91.4%

WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.

id: CVE-2022-0218

info:
  name: HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting
  author: hexcat
  severity: medium
  description: WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.
  impact: |
    An attacker can exploit this vulnerability to inject malicious scripts into the subject field of an email template, potentially leading to unauthorized access, data theft, or further compromise of the affected system.
  remediation: |
    Update to version 3.1 or later of the HTML Email Template Designer plugin to fix the vulnerability.
  reference:
    - https://www.wordfence.com/blog/2022/01/unauthenticated-xss-vulnerability-patched-in-html-email-template-designer-plugin/
    - https://wordpress.org/plugins/wp-html-mail/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0218
    - https://plugins.trac.wordpress.org/changeset/2656984/wp-html-mail/trunk/includes/class-template-designer.php
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-0218
    cwe-id: CWE-79
    epss-score: 0.03872
    epss-percentile: 0.9173
    cpe: cpe:2.3:a:codemiq:wordpress_email_template_designer:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: codemiq
    product: wordpress_email_template_designer
    framework: wordpress
  tags: cve,cve2022,wordpress,wp-plugin,xss,codemiq

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?rest_route=/whm/v3/themesettings"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"background":'
          - '"footer":'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210099e04e3f5a0b8e648103c0a84fd06917e467aa50781ec744512e26b5a989968302204a919905afd49b2286928b07d9041c3f1a797e686f608a28537ffeb7382ae56b:922c64590222798bb761d5b6d8e72950
