WordPress WP HTML Mail plugin Vulnerable to XSS

January 25, 2022 Tinku

An XSS vulnerability in the WordPress WP HTML Mail plugin, used to design personalized emails, exposes sites to code injection and phishing.
A high-severity cross-site scripting (XSS) flaw discovered in WordPress Email Template Designer – WP HTML Mail, a plugin for designing bespoke emails, exposes over 20,000 WordPress sites to malicious code injection, phishing scams, and more.

Wordfence researcher Chloe Chamberland discovered the new vulnerability (CVE-2022-0218, CVSS score 8.3). According to Chamberland, it was caused by a misconfiguration of the REST-API routes used to update the template and change settings. To put it another way, there was no need for authentication to use the REST-API endpoint.
“As a result, any user might utilize the REST-API endpoint to save or retrieve the email’s theme settings,” Chamberland stated. “[They] could inject malicious JavaScript into the mail template, which would run whenever a site administrator entered the HTML mail editor,” according to the report.
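
The kind of route misconfiguration described above, shown beside a corrected registration. This is an added PHP example, not the plugin's code: the `example-mailer/v1` namespace, the route paths, the `footer_html` parameter and the option name are hypothetical, and it assumes the file is loaded as part of a WordPress plugin.

```php
<?php
// Added illustration. All names below (namespace, routes, parameter, option)
// are hypothetical and are not taken from the WP HTML Mail plugin.

add_action( 'rest_api_init', function () {
    // Misconfigured: the permission callback lets every caller through, so an
    // unauthenticated request can overwrite the stored template settings, and
    // the value is stored without any sanitization.
    register_rest_route( 'example-mailer/v1', '/insecure-settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_mailer_save_settings',
        'permission_callback' => '__return_true',
    ) );

    // Corrected: only users who may manage site options reach the callback,
    // and the submitted HTML is filtered before it is stored.
    register_rest_route( 'example-mailer/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_mailer_save_settings',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'footer_html' => array(
                'type'              => 'string',
                'required'          => true,
                // Removes <script> elements and event-handler attributes.
                'sanitize_callback' => 'wp_kses_post',
            ),
        ),
    ) );
} );

function example_mailer_save_settings( WP_REST_Request $request ) {
    // On the corrected route the parameter has already passed through
    // wp_kses_post; on the misconfigured route it arrives as sent.
    update_option( 'example_mailer_footer_html', $request->get_param( 'footer_html' ) );
    return rest_ensure_response( array( 'saved' => true ) );
}
```

When reviewing a plugin, any `register_rest_route` call that changes settings and uses `__return_true` as its `permission_callback` deserves a closer look.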

Threat actors could use legitimate site templates to send phishing emails, introduce backdoors, and implement site redirection, among other things, up to and including site takeovers.
“When combined with the fact that the vulnerability can be exploited by attackers with no privileges on a vulnerable site,” Chamberland said, “this means that unauthenticated attackers have a high chance of gaining administrative user access on sites running the vulnerable version of the plugin if successfully exploited.”

According to Chamberland, the plugin has been installed on 20,000 sites and is compatible with other plugins used by popular WordPress sites, such as eCommerce platform WooCommerce, online form builder Ninja Forms, and community builder plugin BuddyPress.
“We urge all WordPress site owners to quickly verify that their site has been updated to the latest version that has been patched, that is version 3.1,” Chamberland continued.
This recent revelation comes only a week after Risk-Based Security revealed that the number of WordPress plugin vulnerabilities increased by a factor of ten in 2021.

Three WordPress plugins with the same flaw were disclosed in the same week, exposing 84,000 sites using eCommerce add-ons to full site takeovers.
Chamberland advises WordPress site admins to make sure they’re using the most recent version, WordPress Email Template Designer — WP HTML Mail version 3.1.
