16 matches found
CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
CVE-2023-40202
Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions...
CVE-2023-40202
CVE-2023-40202 concerns the WP HTML Mail plugin (WordPress) up to version 3.4.1. Technical sources indicate an unauthenticated CSRF flaw that allows an attacker to trigger actions such as test email sending without valid authorization, enabling cross-site request forgery against admins. The vulne...
WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP HTML Mail; Type: Plugin; Vulnerable versions: <= 3.4.1; Fixed in: 3.4.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-40202; Patch priority: Low; CVSS severity: Low (5.4); Developer: Claim ownership; PSID: 21db8a0a2110; Credits: István Márton; Required...
Input validation
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrator...
CVE-2019-25144
The CVE-2019-25144 entry concerns the WordPress WP HTML Mail plugin with HTML injection in versions up to 2.2.10 caused by insufficient input sanitization. The vulnerability enables unauthenticated attackers to inject arbitrary HTML into pages that execute when a user (an administrator) performs ...
WordPress Plugin WP HTML Mail Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
Design/Logic Flaw
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
CVE-2022-0218
CVE-2022-0218 (WP HTML Mail ≤ 3.0.9) : WordPress Email Template Designer WP HTML Mail exposes an unprotected REST-API endpoint (/themesettings) due to a missing capability check in includes/class-template-designer.php, enabling unauthenticated users to retrieve/modify theme settings. Connected so...
WordPress Cross-Site Request Forgery Vulnerability (CNVD-2021-52426)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 A cross-site request forger...
CVE-2021-20779
Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2021-20779
The CVE-2021-20779 issue affects the WordPress plugin WordPress Email Template Designer - WP HTML Mail, specifically versions prior to 3.0.8. The vulnerability is Cross-site Request Forgery (CSRF) that can allow an attacker to hijack administrator authentication via unspecified vectors. Root caus...