The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-07T01:51:39.732Z

Updated: 2024-08-05T03:00:19.212Z

Reserved: 2023-06-06T13:10:14.008Z

Link: CVE-2019-25148

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-07T02:15:10.633

Modified: 2024-11-21T04:39:58.773

Link: CVE-2019-25148

cve-icon Redhat

No data.