HTML Injection Vulnerability in WP HTML Mail Plugin for WordPress
CVE-2019-25144

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Email Template
Vendor: CVE Published:; 7 June 2023

Summary

The WP HTML Mail plugin for WordPress is affected by a vulnerability that allows for HTML injection due to inadequate input sanitization in versions up to and including 2.2.10. This security flaw can enable unauthenticated attackers to insert arbitrary HTML into web pages, posing a risk if they successfully manipulate an administrator into executing specific actions, such as clicking an infected link.

Affected Version(s)

WP Email Template * < 2.2.11

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.nintechnet.com/multiple-wordpress-plugins-vu...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2023
Vulnerability Reserved
Jun 6, 2023

Credit

Jerome Bruandet