3 matches found
CVE-2023-40202
CVE-2023-40202 concerns the WP HTML Mail plugin (WordPress) up to version 3.4.1. Technical sources indicate an unauthenticated CSRF flaw: an attacker can forge requests against admins to trigger actions such as sending a test email without valid authorization. The vulne...
CVE-2019-25148
The CVE-2019-25148 issue concerns the WP HTML Mail plugin for WordPress. Affected versions up to and including 2.9.0.3 are vulnerable to HTML injection due to insufficient input sanitization in the plugin’s handling of user-supplied data. The vulnerability can be exploited by unauthenticated atta...
CVE-2019-25144
The CVE-2019-25144 entry concerns the WordPress WP HTML Mail plugin with HTML injection in versions up to 2.2.10 caused by insufficient input sanitization. The vulnerability enables unauthenticated attackers to inject arbitrary HTML into pages that execute when a user (an administrator) performs ...