CVE-2021-20779

EUVD-2021-8191
Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
codemiqwordpress_email_template_designer
𝑥
< 3.0.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://codemiq.com/en/
https://jvn.jp/en/jp/JVN42880365/index.html
https://wordpress.org/plugins/wp-html-mail/
https://codemiq.com/en/
https://jvn.jp/en/jp/JVN42880365/index.html
https://wordpress.org/plugins/wp-html-mail/