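# Detection template for CVE-2022-0218 (HTML Email Template Designer, fixed in 3.1).
# It sends one unauthenticated GET to the plugin's theme-settings REST route and
# reports a match only when the reply is HTTP 200, carries "application/json" in
# the headers, and the body contains both the "background" and "footer" keys.
# The request is read-only: nothing is written to the template and no script is
# injected, so a match shows that the settings route answers without credentials,
# not that a payload is present.
id: CVE-2022-0218

info:
  name: HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting
  author: hexcat
  severity: medium
  description: WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.
  impact: |
    An attacker can exploit this vulnerability to inject malicious scripts into the subject field of an email template, potentially leading to unauthorized access, data theft, or further compromise of the affected system.
  # NOTE(review): upgrading closes the endpoint but presumably does not clean
  # settings that were already saved; on hosts that matched, review the stored
  # email template fields for unexpected markup after patching.
  remediation: |
    Update to version 3.1 or later of the HTML Email Template Designer plugin to fix the vulnerability.
  reference:
    - https://www.wordfence.com/blog/2022/01/unauthenticated-xss-vulnerability-patched-in-html-email-template-designer-plugin/
    - https://wordpress.org/plugins/wp-html-mail/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0218
    - https://plugins.trac.wordpress.org/changeset/2656984/wp-html-mail/trunk/includes/class-template-designer.php
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-0218
    # Classified as XSS (CWE-79); per the description the entry point is a REST
    # endpoint that is not protected, which is what the request below probes.
    cwe-id: CWE-79
    epss-score: 0.03872
    epss-percentile: 0.91041
    cpe: cpe:2.3:a:codemiq:wordpress_email_template_designer:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: codemiq
    product: wordpress_email_template_designer
    framework: wordpress
  tags: cve,cve2022,wordpress,wp-plugin,xss,codemiq

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?rest_route=/whm/v3/themesettings"

    # All three matchers below must succeed for the host to be reported.
    matchers-condition: and
    matchers:
      # Both keys must appear in the body (condition: and). No version string is
      # checked, so confirm the installed plugin version before treating a match
      # as a confirmed vulnerable install.
      - type: word
        part: body
        words:
          - '"background":'
          - '"footer":'
        condition: and

      # Matches the string anywhere in the response headers, not only in
      # Content-Type.
      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200
# NOTE(review): the digest below is the upstream signature for the published
# template text; a copy whose content has been edited should be expected to
# fail verification until it is re-signed.
# digest: 490a00463044022064bd237723ae444eccdae4441dd01095496ab09b0f3e7910f10b73a9d96c775c0220639770df2f57c70a8343d00ef5b6da98c2326ef4f6c3cc0550c3e51ccc3810e5:922c64590222798bb761d5b6d8e72950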