CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47181 – WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47181
03 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en wpexpertsio Email Templates Customizer and Designer para WordPress y WooCommerce permite Cross-Site Request Forgery (CSRF). Este problema afecta Email Templa... • https://patchstack.com/database/vulnerability/email-templates/wordpress-email-templates-plugin-1-4-2-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-25150 – Email Templates <= 1.3 - HTML Injection
https://notcve.org/view.php?id=CVE-2019-25150
25 Oct 2019 — The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators. • https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •