WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route
CVE-2022-0218

8.3HIGH

Key Information:

Vendor: WordPress
Status: WP Html Mail
Vendor: CVE Published:; 4 February 2022

Summary

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site.

Affected Version(s)

WP HTML Mail 3.0.9

References

https://www.wordfence.com/blog/2022/01/unauthenticated-xs...

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/2656984/wp-h...

x_refsource_MISC

EPSS Score

81% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 4, 2022
Vulnerability Reserved
Jan 13, 2022

Credit

Chloe Chamberland, Wordfence