CVE-2019-25148

Name of the Vulnerable Software and Affected Versions WP HTML Mail plugin for WordPress versions up to, and including, 2.9.0.3

Description The issue arises from insufficient input sanitization, allowing unauthenticated attackers to inject arbitrary HTML in pages. This can be achieved if an attacker successfully tricks an administrator into performing a specific action, such as clicking on a link.

Recommendations For WP HTML Mail plugin for WordPress versions up to, and including, 2.9.0.3, update to a version higher than 2.9.0.3 to resolve the issue.