CVE-2022-0218

high-risk
Published 2022-02-04

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site.

Do I need to act?

!
62.4% chance of exploitation in next 30 days
EPSS score — higher than 38% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.3/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Codemiq

References (4)

Patch https://plugins.trac.wordpress.org/changeset/2656984/wp-html-mail/trunk/includes...
Exploit https://www.wordfence.com/blog/2022/01/unauthenticated-xss-vulnerability-patched...
Patch https://plugins.trac.wordpress.org/changeset/2656984/wp-html-mail/trunk/includes...
Exploit https://www.wordfence.com/blog/2022/01/unauthenticated-xss-vulnerability-patched...
53
/ 100
high-risk
Severity 29/34 · Critical
Exploitability 19/34 · Moderate
Exposure 5/34 · Minimal