Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress WP HTML Mail plugin (versions <= 3.0.9).
Update the WordPress WP HTML Mail plugin to the latest available version (at least 3.1).