Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High2
Medium0
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2024-11-21

CVE-2022-0218 - Wordpress Email Template Designer Plugin

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site.

PLUGIN Wordpress Email Template Designer

CVE-2022-0218

HIGH CVSS 8.3 2022-02-04
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-20779 - Wordpress Email Template Designer Plugin

Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.

PLUGIN Wordpress Email Template Designer

CVE-2021-20779

HIGH CVSS 8.8 2021-07-07
Open Full Technical Breakdown
Scroll to top