WordPress · Importexporttools Ng · CVE-2021-47768
**Name of the Vulnerable Software and Affected Versions**
ImportExportTools NG version 10.0.4
**Description**
ImportExportTools NG has a persistent HTML injection issue in the email export module. Remote attackers can inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that executes during HTML export, potentially compromising user data or session credentials.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.