Cross-Site Request Forgery in WP HTML Mail Plugin by WordPress
CVE-2021-20779

8.8HIGH

Key Information:

Vendor: Wordpress
Status: WordPress Email Template Designer - WP Html Mail
Vendor: CVE Published:; 7 July 2021

What is CVE-2021-20779?

A cross-site request forgery (CSRF) vulnerability exists in the WP HTML Mail plugin for WordPress, allowing attackers to exploit it before version 3.0.8. This flaw can potentially enable attackers to take over sessions of administrators through deceptive means, leading to unauthorized actions without their consent. Proper precautions and updates are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8

References

https://wordpress.org/plugins/wp-html-mail/

x_refsource_MISC

https://codemiq.com/en/

x_refsource_MISC

https://jvn.jp/en/jp/JVN42880365/index.html

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2021
Vulnerability Reserved
Dec 17, 2020

Wordpress

What is CVE-2021-20779?

Affected Version(s)

References

CVSS V3.1

Timeline