cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwp-email-template wp-email-template

Direction: ascending
Jun 06, 2024

WP Email Template # CVE-2019-25144

CVE, Research URL

CVE-2019-25144

Home page URL

Security reports for WP Email Template

Application

WP Email Template

Date
Jun 07, 2023
Research Description
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable

WP Email Template # d1b0f784da3ca0f399c542515fda1423816819f0

CVE, Research URL

d1b0f784da3ca0f399c542515fda1423816819f0

Home page URL

Security reports for WP Email Template

Application

WP Email Template

Date
Nov 02, 2022
Research Description
WP Email Template [wp-email-template] < 2.2.11 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset The following plugins for WordPress are vulnerable to Cross-Site Request Forgery: a3 Lazy Load (<= 2.6.0), Contact Us Page – Contact People (<= 3.6.1), a3 Portfolio (<= 3.0.1), Dynamic Product Gallery for WooCommerce (3.0.1), a3 Responsive Slider (<= 2.2.0), Compare Products for WooCommerce (<= 2.8.2), Products Quick View for WooCommerce (<= 2.0.1), Product Sort and Display for WooCommerce (<= 2.2.2), Product Widget Slider for WooCommerce (), WP Email Template (<= 2.6.2). This is due to missing nonce validation on the reset_settings() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable
Sep 07, 2025

WP Email Template # CVE-2025-58800

CVE, Research URL

CVE-2025-58800

Home page URL

Security reports for WP Email Template

Application

WP Email Template

Date
Sep 05, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through 2.8.3.
Affected versions
Min -, max -.
Status
vulnerable