HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting
ID: CVE-2022-0218
Severity: medium
Author: hexcat
Tags: cve,cve2022,wordpress,wp-plugin,xss,codemiq
Description
Section titled “Description”WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.
YAML Source
Section titled “YAML Source”id: CVE-2022-0218
info: name: HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting author: hexcat severity: medium description: WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint. impact: | An attacker can exploit this vulnerability to inject malicious scripts into the subject field of an email template, potentially leading to unauthorized access, data theft, or further compromise of the affected system. remediation: | Update to version 3.1 or later of the HTML Email Template Designer plugin to fix the vulnerability. reference: - https://www.wordfence.com/blog/2022/01/unauthenticated-xss-vulnerability-patched-in-html-email-template-designer-plugin/ - https://wordpress.org/plugins/wp-html-mail/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0218 - https://plugins.trac.wordpress.org/changeset/2656984/wp-html-mail/trunk/includes/class-template-designer.php - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0218 cwe-id: CWE-79 epss-score: 0.03872 epss-percentile: 0.9173 cpe: cpe:2.3:a:codemiq:wordpress_email_template_designer:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: codemiq product: wordpress_email_template_designer framework: wordpress tags: cve,cve2022,wordpress,wp-plugin,xss,codemiq
http: - method: GET path: - "{{BaseURL}}/index.php?rest_route=/whm/v3/themesettings"
matchers-condition: and matchers: - type: word part: body words: - '"background":' - '"footer":' condition: and
- type: word part: header words: - "application/json"
- type: status status: - 200# digest: 4a0a00473045022100b34dc5cb0c9aba9a66fccfa6da4b9e22842132eb9d86e956afe1783edfb37cb9022011a3d58cb7d2ac4695a8208a24537e33e41cf02dc989587db6ab62fb47ce9cf2:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-0218.yaml"