PT-2025-50756 · WordPress · FoF Pretty Mail

Published: 2025-12-11 · Updated: 2025-12-12 · CVE-2024-58303

CVSS v4.0: 8.6 (High)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

FoF Pretty Mail version 1.1.2

Description

The software contains a server-side template injection issue that allows administrative users to inject malicious code into email templates. An attacker can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Related Identifiers

CVE-2024-58303
GHSA-947Q-2XW3-GX9C

Affected Products

FoF Pretty Mail