5 matches found
CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
Wordpress Email Template Designer Plugin Authentication Bypass (CVE-2022-0218)
An authentication bypass vulnerability exists in the Wordpress plugin "WordPress Email Template Designer - WP HTML Mail". The vulnerability is due to lack of authentication on REST-API endpoints created by the plugin...
WordPress Email Template Designer Plugin Authentication Bypass (CVE-2022-0218)
An authentication bypass vulnerability exists in WordPress Email Template Designer. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
CVE-2022-0218
CVE-2022-0218 (WP HTML Mail ≤ 3.0.9) : WordPress Email Template Designer WP HTML Mail exposes an unprotected REST-API endpoint (/themesettings) due to a missing capability check in includes/class-template-designer.php, enabling unauthenticated users to retrieve/modify theme settings. Connected so...
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability
WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...