The XSS vulnerability in the WordPress WP HTML Mail plugin for customized emails poses a serious risk of malicious code injection and hacking.
Because of a high-severity cross-site scripting (XSS) security vulnerability discovered in WordPress Template Designer Email, a tool for designing personalized emails, over 20K WordPress domains are susceptible to malicious software injection, data theft, and much more.
Threat actors can use authentic site templates to deliver malicious emails, introduce spyware, execute site redirection, and much more – including website takeovers.
Chloe Chamberland, a Wordfence researcher, discovered the new bug (CVE-2022-0218, CVSS score 8.3), which is triggered by a misconfiguration in the REST API routes designed to update the templates and change the settings.
Chamberland also stated that unauthenticated attackers have a high chance of getting administrative access privileges on web pages running the vulnerable WordPress plugin if the bug is successfully exploited.
Chamberland therefore urges WordPress site users to quickly verify that their sites have been upgraded to the most recent version available, which at this moment is version 3.1.