WordPress WP HTML Mail plugin Vulnerable to XSS

January 25, 2022 Tinku

An XSS vulnerability in the WP HTML Mail plugin for WordPress, which is used to build personalized emails, exposes sites to code injection and phishing.
Because of a high-severity cross-site scripting (XSS) flaw discovered in WordPress Email Template Designer – WP HTML Mail, a plugin for designing bespoke emails, over 20,000 WordPress sites are exposed to malicious code injection, phishing scams, and more.

Wordfence researcher Chloe Chamberland discovered the new vulnerability (CVE-2022-0218, CVSS score 8.3), which, according to Chamberland, stems from a misconfiguration in the REST-API routes used to update the template and change settings. To put it another way, no authentication was needed to use the REST-API endpoint.
“As a result, any user might utilize the REST-API endpoint to save or retrieve the email’s theme settings,” Chamberland stated. “[They] could inject malicious JavaScript into the mail template, which would run whenever a site administrator entered the HTML mail editor,” according to the report.
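
The class of mistake described above (a settings route that anyone can call, feeding HTML that later renders in an admin screen) is closed by a real permission check on the route plus sanitization at the storage boundary. The following is an added example, not the WP HTML Mail plugin's code; the namespace `example-mailer/v1`, the `/template` route, the option name and the function names are hypothetical.

```php
<?php
/**
 * Added example (hypothetical plugin, not WP HTML Mail's code):
 * a template REST route that requires an administrator and sanitizes input.
 */

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-mailer/v1', '/template', array(
        array(
            'methods'             => WP_REST_Server::READABLE,
            'callback'            => 'example_mailer_get_template',
            'permission_callback' => 'example_mailer_can_manage',
        ),
        array(
            'methods'             => WP_REST_Server::EDITABLE,
            'callback'            => 'example_mailer_save_template',
            // Weak form of this setting: 'permission_callback' => '__return_true'
            // makes the route callable by unauthenticated visitors.
            'permission_callback' => 'example_mailer_can_manage',
            'args'                => array(
                'body' => array( 'type' => 'string', 'required' => true ),
            ),
        ),
    ) );
} );

// Only users who may manage site options can read or change the template.
function example_mailer_can_manage() {
    return current_user_can( 'manage_options' );
}

function example_mailer_get_template() {
    $body = get_option( 'example_mail_template', '' );
    return rest_ensure_response( array( 'body' => $body ) );
}

function example_mailer_save_template( WP_REST_Request $request ) {
    // Strip script tags, event handlers and other markup not allowed in posts
    // before the value is stored and later rendered in the admin editor.
    $clean = wp_kses_post( $request->get_param( 'body' ) );
    update_option( 'example_mail_template', $clean );
    return rest_ensure_response( array( 'saved' => true ) );
}
```

With the permission callback in place, WordPress rejects unauthenticated requests to either method before the callbacks run; the editor page should still escape the stored value when it renders it.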

Threat actors could use legitimate site templates to send phishing emails, introduce backdoors, and implement site redirection, among other things, including site takeovers.
“When combined with the fact that the vulnerability can be exploited by attackers with no privileges on a vulnerable site,” Chamberland said, “this means that unauthenticated attackers have a high chance of gaining administrative user access on sites running the vulnerable version of the plugin if successfully exploited.”

According to Chamberland, the plugin has been installed on 20,000 sites and is compatible with other plugins used by popular WordPress sites, such as eCommerce platform WooCommerce, online form builder Ninja Forms, and community builder plugin BuddyPress.
“We urge all WordPress site owners to quickly verify that their site has been updated to the latest version that has been patched, that is version 3.1,” Chamberland continued.
This recent revelation comes only a week after Risk-Based Security revealed that the number of WordPress plugin vulnerabilities increased by a factor of ten in 2021.

Three WordPress plugins with the same flaw were disclosed in the same week, exposing 84,000 sites using eCommerce add-ons to full site takeovers.
Chamberland advises WordPress site admins to make sure they’re using the most recent version, WordPress Email Template Designer — WP HTML Mail version 3.1.
