Lucene search
Chloe ChamberlandWPVDB-ID:77B9763C-CD91-4CB7-BCA5-87C3D1373864HistoryJan 19, 2022 - 12:00 a.m.
WP HTML Mail < 3.1 - Unprotected REST-API Endpoint
2022-01-1900:00:00
Chloe Chamberland
wpscan.com
18
wordpress
html mail
cross-site scripting
EPSS
0.032
Percentile
91.4%
The plugin is vulnerable to setting changes and stored cross-site scripting due to misconfigured authorization controls on the /themesettings REST API endpoint.
Related
cnvd
cnvd
WordPress WP HTML Mail plugin cross-site scripting vulnerability
2022-01-23 00:00:00
nuclei
nuclei
HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting
2022-01-24 08:47:01
cvelist
cvelist
CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route
2022-02-04 22:29:24
packetstorm
packetstorm
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting
2022-01-19 00:00:00
checkpoint_advisories
checkpoint_advisories
wordfence
wordfence
nvd
nvd
CVE-2022-0218
2022-02-04 23:15:12
zdt
zdt
patchstack
patchstack
threatpost
threatpost
20K WordPress Sites Exposed by Insecure Plugin REST-API
2022-01-21 18:19:37
prion
prion
Design/Logic Flaw
2022-02-04 23:15:00
cve
cve
CVE-2022-0218
2022-02-04 23:15:12
thn
thn
Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes
2022-01-22 07:13:00