Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.13 views

CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

8.3CVSS6.7AI score0.70511EPSS
Exploits3References1
Check Point Advisories
Check Point Advisories
added 2022/10/30 12:0 a.m.79 views

Wordpress Email Template Designer Plugin Authentication Bypass (CVE-2022-0218)

An authentication bypass vulnerability exists in the Wordpress plugin "WordPress Email Template Designer - WP HTML Mail". The vulnerability is due to lack of authentication on REST-API endpoints created by the plugin...

4.3CVSS1.6AI score0.70511EPSS
Exploits3
Check Point Advisories
Check Point Advisories
added 2022/10/23 12:0 a.m.81 views

WordPress Email Template Designer Plugin Authentication Bypass (CVE-2022-0218)

An authentication bypass vulnerability exists in WordPress Email Template Designer. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

4.3CVSS6.1AI score0.70511EPSS
Exploits3
CVE
CVE
added 2022/02/04 10:29 p.m.124 views

CVE-2022-0218

CVE-2022-0218 (WP HTML Mail ≤ 3.0.9) : WordPress Email Template Designer WP HTML Mail exposes an unprotected REST-API endpoint (/themesettings) due to a missing capability check in includes/class-template-designer.php, enabling unauthenticated users to retrieve/modify theme settings. Connected so...

8.3CVSS6.5AI score0.70511EPSS
Exploits3References2Affected Software1
0day.today
0day.today
added 2022/01/19 12:0 a.m.335 views

WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability

WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...

8.3CVSS6.4AI score0.70511EPSS
Exploits3
Rows per page
Query Builder