An XSS vulnerability in the WP HTML Mail plugin for WordPress, used to design personalized emails, leaves sites open to code injection and phishing.
A high-severity cross-site scripting (XSS) flaw discovered in WordPress Email Template Designer – WP HTML Mail, a plugin for designing bespoke emails, exposes over 20,000 WordPress sites to malicious code injection, phishing scams, and more.
Wordfence researcher Chloe Chamberland discovered the vulnerability (CVE-2022-0218, CVSS score 8.3). According to Chamberland, it stems from a misconfiguration in the REST-API routes the plugin uses to update the template and change settings: in other words, the REST-API endpoint required no authentication.
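To make the misconfiguration class concrete, here is an added illustration (not the plugin's own code, and not the fix shipped in version 3.1): a WordPress REST route that saves an email template, registered first with no access check and then with a capability check and input sanitisation. The namespace, route, option name and function names are assumptions.

```php
<?php
// Added illustration (not the plugin's code): a REST route that updates an
// email template. Namespace, route and option names are assumed.

// Weak registration: '__return_true' as permission_callback lets any
// unauthenticated visitor call the endpoint, the misconfiguration class
// the article describes.
function example_register_weak_route() {
    register_rest_route( 'example-mail/v1', '/template', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_save_template',
        'permission_callback' => '__return_true',
    ) );
}

// Hardened registration: only users who may manage site options reach the
// callback; everyone else is rejected with 401 (anonymous) or 403.
function example_register_hardened_route() {
    register_rest_route( 'example-mail/v1', '/template', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_save_template',
        'permission_callback' => function () {
            if ( current_user_can( 'manage_options' ) ) {
                return true;
            }
            return new WP_Error(
                'rest_forbidden',
                'You are not allowed to change the email template.',
                array( 'status' => rest_authorization_required_code() )
            );
        },
        'args' => array(
            'template' => array(
                'required'          => true,
                'type'              => 'string',
                // Strip script tags and event-handler attributes before
                // the value reaches the callback (assumed defence, not
                // the fix described on the page).
                'sanitize_callback' => 'wp_kses_post',
            ),
        ),
    ) );
}

function example_save_template( WP_REST_Request $request ) {
    update_option( 'example_mail_template', $request->get_param( 'template' ) );
    return rest_ensure_response( array( 'saved' => true ) );
}

add_action( 'rest_api_init', 'example_register_hardened_route' );
```

A quick audit check is to grep a plugin's `register_rest_route` calls for `permission_callback` values of `__return_true` or a missing key, since those routes are reachable without logging in.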
Threat actors could use legitimate site templates to send phishing emails, introduce backdoors, implement site redirection, and more, up to and including site takeovers.
“When combined with the fact that the vulnerability can be exploited by attackers with no privileges on a vulnerable site,” Chamberland said, “this means that unauthenticated attackers have a high chance of gaining administrative user access on sites running the vulnerable version of the plugin if successfully exploited.”
According to Chamberland, the plugin has been installed on 20,000 sites and is compatible with other plugins used by popular WordPress sites, such as eCommerce platform WooCommerce, online form builder Ninja Forms, and community builder plugin BuddyPress.
“We urge all WordPress site owners to quickly verify that their site has been updated to the latest version that has been patched, that is version 3.1,” Chamberland continued.
This recent revelation comes only a week after Risk-Based Security revealed that the number of WordPress plugin vulnerabilities increased by a factor of ten in 2021.
Three WordPress plugins with the same flaw were disclosed in the same week, exposing 84,000 sites using eCommerce add-ons to full site takeovers.
Chamberland advises WordPress site admins to make sure they’re using the most recent version, WordPress Email Template Designer — WP HTML Mail version 3.1.