PT-2023-11371 · WordPress · Wp Html Mail
Jerome Bruandet · Published 2023-06-07 · Updated 2023-06-13 · CVE-2019-25144
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WP HTML Mail plugin for WordPress versions up to, and including, 2.2.10
Description
The issue arises from insufficient input sanitization, which allows unauthenticated attackers to inject arbitrary HTML into pages. Exploitation requires the attacker to trick an administrator into performing a specific action, such as clicking on a link.
Recommendations
If you are running version 2.2.10 or earlier, update to a version higher than 2.2.10 to resolve the issue. As a temporary workaround, consider restricting access to areas where HTML injection could be executed until a patch is available.
Exploit
Fix
XSS
Affected products
Wp Html Mail