CVE-2019-25150
First published: Wed Jun 07 2023(Updated: )
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wpexperts Email Templates | <1.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-25150?
CVE-2019-25150 is a vulnerability in the Email Templates plugin for WordPress that allows for HTML Injection.
How does CVE-2019-25150 affect WordPress websites?
CVE-2019-25150 allows attackers to perform HTML Injection attacks, which can lead to phishing forms and cross-site request forgery (CSRF) attacks against site administrators.
What version of the Email Templates plugin is affected by CVE-2019-25150?
Versions up to and including 1.3.1 of the Email Templates plugin for WordPress are affected by CVE-2019-25150.
How severe is CVE-2019-25150?
CVE-2019-25150 has a severity rating of 8.8 (high).
How can I fix CVE-2019-25150 on my WordPress website?
To fix CVE-2019-25150, update the Email Templates plugin to version 1.3.2 or newer.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/wpexperts
- canonical/wpexperts email templates