247 matches found
CVE-2019-25144
The CVE-2019-25144 entry concerns the WordPress WP HTML Mail plugin with HTML injection in versions up to 2.2.10 caused by insufficient input sanitization. The vulnerability enables unauthenticated attackers to inject arbitrary HTML into pages that execute when a user (an administrator) performs ...
PT-2023-11375 · WordPress · Wp Html Mail
Name of the Vulnerable Software and Affected Versions: WP HTML Mail plugin for WordPress versions up to, and including, 2.9.0.3. Description: The issue arises from insufficient input sanitization, allowing unauthenticated attackers to inject arbitrary HTML in pages. This can be achieved if an...
WordPress Plugin WP HTML Mail Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
SUSE CVE-2007-0994
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...
SUSE CVE-2016-7968
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed...
Mozilla Thunderbird Security Vulnerability
Mozilla Thunderbird is an e-mail client from the US-based Mozilla Foundation, independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols and the HTML mail format. A security vulnerability exists in Mozilla Thunderbird. An attacker exploiting this...
CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
Design/Logic Flaw
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
CVE-2022-0218
CVE-2022-0218 (WP HTML Mail ≤ 3.0.9) : WordPress Email Template Designer WP HTML Mail exposes an unprotected REST-API endpoint (/themesettings) due to a missing capability check in includes/class-template-designer.php, enabling unauthenticated users to retrieve/modify theme settings. Connected so...
WP HTML Mail Plugin for WordPress < 3.1 Cross-Site Scripting
The WordPress WP HTML Mail Plugin installed on the remote host is affected by a Cross-Site Scripting (XSS) vulnerability via an unprotected REST-API endpoint. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No sour...
Mozilla Thunderbird Buffer Error Vulnerability
Mozilla Thunderbird is an e-mail client from the US-based Mozilla Foundation, independent of the Mozilla Application Suite. The software supports the IMAP and POP mail protocols and the HTML mail format. Mozilla Thunderbird suffers from a buffer error vulnerability that arises from imprope...
WordPress WP HTML Mail plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WP HTML Mail plugin in version 3.0.9 and earlier is vulnerable to a cross-site scripting vulnerability tha...
WP HTML Mail < 3.1 - Unprotected REST-API Endpoint
The plugin is vulnerable to setting changes and stored cross-site scripting due to misconfigured authorization controls on the /themesettings REST API endpoint...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WP HTML Mail plugin in version 3.0.9 and earlier is vulnerable to a cross-site scripting vulnerability tha...
WordPress WP HTML Mail plugin <= 3.0.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress WP HTML Mail plugin versions <= 3.0.9. Solution: Update the WordPress WP HTML Mail plugin to the latest available version (at least 3.1)...
CVE-2021-40972
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the mail parameter...
WordPress Cross-Site Request Forgery Vulnerability (CNVD-2021-52426)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 A cross-site request forger...
CVE-2021-20779
Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors...