This allows attackers to modify the settings of the site, for example, to steal cookie data, add malicious JavaScript, etc.

In addition to this, WP HTML Mail WordPress plugin versions up to and including 3.0.9 are vulnerable to a cross-site scripting issue. This makes it possible for attackers to inject malicious code into the site by injecting it into the email generated by the email administration interface.

Finally, WP HTML Mail WordPress plugin versions up to and including 3.0.9 are vulnerable to a SQL injection issue. This makes it possible for attackers to execute arbitrary SQL commands in the database of a vulnerable WordPress site.

Attackers can exploit any of these security issues to misuse or obtain access to user data, steal user credentials, infect machines, gain root access, etc.

How do I know if my WordPress site is vulnerable to the WP HTML Mail SQL Injection Remote Code Execution (RCE) vulnerability?

The best way to check if your WordPress site is vulnerable to the WP HTML Mail SQL Injection Remote Code Execution (RCE) vulnerability is to use a reliable and up-to-date security scanner.
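
For this issue, the core of such a check is comparing the installed plugin version with the affected range stated above (up to and including 3.0.9). The following is an added example, not code from the plugin or from the original page: it reads the `Version:` line of a plugin's comment header and compares it numerically. The header text is constructed sample input and the function names are hypothetical.

```python
import re

# Per the advisory text above: versions up to and including 3.0.9 are affected.
LAST_AFFECTED = (3, 0, 9)

# WordPress plugins declare metadata in a comment header of the main PHP file.
# A header line may start with whitespace, '*', '/', '#' or '@'.
_VERSION_LINE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

# Constructed sample input, not copied from the real plugin.
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: WP HTML Mail
 * Version: 3.0.9
 */
"""


def read_header_version(php_source):
    """Return the value of the Version header, or None if it is absent."""
    match = _VERSION_LINE.search(php_source)
    return match.group(1) if match else None


def release_tuple(version):
    """Turn '3.0.10-beta1' into (3, 0, 10) so parts compare as integers."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    parts += [0] * (3 - len(parts))  # pad '3.0' to (3, 0, 0)
    return tuple(parts)


def is_affected(version):
    """True if the version falls in the affected range (<= 3.0.9)."""
    return release_tuple(version) <= LAST_AFFECTED


if __name__ == "__main__":
    installed = read_header_version(SAMPLE_HEADER)
    print(installed, "affected" if is_affected(installed) else "not affected")
    # A plain string comparison would get this wrong: "3.0.10" < "3.0.9".
    print("3.0.10-beta1", "affected" if is_affected("3.0.10-beta1") else "not affected")
```

The numeric comparison matters because 3.0.10 sorts before 3.0.9 when compared as text, which would flag the fixed release as vulnerable.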

## WP HTML Mail v3.0.10 – wpmail 3.0.10-beta1

Version 3.0.10-beta1 includes a fix for these vulnerabilities as well as some minor improvements:
- Corrects an issue that prevented the admin email format from being output in IE 7 and 8
- Fixes an issue that prevented the title and subject of emails from being updated when changing the content of emails
- Addresses the SQL injection vulnerability by using a sanitization function that removes all spaces from email addresses

WordPress SQL Injection Vulnerability

SQL Injection is a type of injection attack in which malicious data is injected into an SQL query. This causes the SQL database to be manipulated in unexpected ways, often resulting in sensitive data disclosure or privilege escalation.

WordPress uses MySQL as its database backend, which has been known to be vulnerable to SQL injection attacks in the past. However, the WP HTML Mail plugin for WordPress, in versions up to and including 3.0.9, exposes a vulnerability that may allow attackers to execute arbitrary SQL commands on the site’s database.

As such, it would be possible for attackers to execute arbitrary SQL commands on a vulnerable WordPress site by injecting them into an email generated by the WP HTML Mail plugin in versions up to and including 3.0.9.

WP HTML Mail Plugin – How does it work?

The WP HTML Mail plugin is used to create custom email templates in WordPress. The plugin works within the WordPress dashboard, and no developer is needed to install or use it. This means that anyone using this plugin can potentially run into security concerns, as there are many different ways by which an attacker could exploit this vulnerability.

The first of these vulnerabilities is the cross-site scripting issue that was discovered in version 3.0.9 of the plugin. This vulnerability was discovered by researchers at Sucuri, who found that a malicious payload could be injected into emails created by the plugin through the email administration interface. If exploited, an attacker could potentially access any other areas of the site if they have permission and thereby steal cookie data, add malicious JavaScript, etc.

Timeline

Published on: 02/04/2022 23:15:00 UTC
Last modified on: 02/09/2022 03:25:00 UTC

References