CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-47181 – WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47181
Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en wpexpertsio Email Templates Customizer and Designer para WordPress y WooCommerce permite Cross-Site Request Forgery (CSRF). Este problema afecta Email Templates Customizer and Designer for WordPress and WooCommerce: desde n/a hasta 1.4.2 . The Email Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the send_test_email function. • https://patchstack.com/database/vulnerability/email-templates/wordpress-email-templates-plugin-1-4-2-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-25150 – Email Templates <= 1.3 - HTML Injection
https://notcve.org/view.php?id=CVE-2019-25150
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators. • https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection https://wordpress.org/plugins/email-templates/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/f5c449f1-4715-4033-b0a3-6a8ca968aabc?source=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •