WordPress Vulnerability
THREAT HUNTER (GUARD YOUR DEVICE)
Vulnerability News #0001
January 21, 2022
News Name: WordPress Vulnerability
Affected System: WordPress Platform
Vulnerability Involved: CVE-2022-0218
News Detail
The WordPress WP HTML Mail plugin, which is used on over 20,000 websites, is vulnerable to a critical flaw that might result in code injection and the distribution of convincing phishing emails. 'WP HTML Mail' is a WordPress plugin that lets site owners produce custom emails, contact form notifications, and other messages that online platforms send to their users. Unauthenticated attackers could exploit the CVE-2022-0218 weakness to change the email template so that it includes arbitrary data of their choosing. Threat actors can use the same issue to send phishing emails to everyone who has registered on the compromised sites.
The researchers discovered the flaw and notified the plugin's creator, but they did not receive a response until January 10, 2022. A security fix for the vulnerability was released in version 3.1 on January 13, 2022. As a result, all WordPress site owners and administrators should update the 'WP HTML Mail' plugin to the most recent version.
Impact
Allows an unauthenticated actor to modify the email template to contain arbitrary data of the attacker's choosing.
Allows threat actors to use the same flaw to send phishing emails to anyone who has registered on the hacked sites.
Suggestion
Update to version 3.1.
© SAS Threat Hunter