HTML Email Template Designer < 3.1 - Missing Authorization on Rest Route

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

EUVD-2023-44799

Malicious code in bioql PyPI...

CVE-2023-40202

Cross-Site Request Forgery CSRF vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin = 3.4.1 versions...

CVE-2023-40202

Cross-Site Request Forgery CSRF vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin = 3.4.1 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin = 3.4.1 versions...

CVE-2023-40202

CVE-2023-40202 concerns the WP HTML Mail plugin (WordPress) up to version 3.4.1. Technical sources indicate an unauthenticated CSRF flaw that allows an attacker to trigger actions such as test email sending without valid authorization, enabling cross-site request forgery against admins. The vulne...

CVE-2023-40202 WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin = 3.4.1 versions...