PT-2023-11377 · WordPress · Email Templates
Jerome Bruandet
·
Published
2023-06-07
·
Updated
2023-06-12
·
CVE-2019-25150
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Email Templates plugin for WordPress versions up to and including 1.3
Description
The issue allows attackers to perform HTML Injection, enabling them to present phishing forms or conduct cross-site request forgery attacks against site administrators.
Recommendations
For Email Templates plugin for WordPress versions up to and including 1.3, update to a version higher than 1.3 to resolve the issue.
Exploit
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Email Templates