The WP HTML Mail plugin has been installed on more than 20,000 websites. If you've built a WordPress site for your business and you use that plugin, be aware that you are at risk. A high severity security flaw was recently discovered in the plugin that could allow an attacker to perform a code injection style attack that allows the attacker to send phishing emails to the site's registered users.
The plugin is popular because it is compatible with a wide range of other plugins including BuddyPress, Ninja Forms, WooCommerce, and others. The plugin isn't as wildly popular as many others and doesn't boast an overly impressive number of total installations. However, many of the sites that do use it have large audiences which means that this flaw puts more people at risk than first meets the eye.
The flaw is being tracked as CVE-2022-0218 and was discovered on December 23rd of last year (2021). As of now the plugin's developer has released a patch that addresses the issue.
If you use the plugin check your version number. If you're using anything earlier than 3.1 update to 3.1 or later right away to protect yourself, your reputation, and the customers who have registered on your site.
The last thing you want is for your company to get a black eye when your customers start complaining about a flood of scam emails that start hitting their inboxes right after they create an account on your site.
Although the plugin developer took nearly a month to address the issue they did address it and we give them kudos for that. Here's hoping that if additional security flaws are found in their product they'll have an even faster response that will help keep their users and the customers of their users safe.
________________________________________________________________________________________________________
"Fortune Favors Who Value Time!"
Tech issues taking up your time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Technology Frustration Like Computer Issues, Phone Issues, Tablet Issues, Smart TV Issues, Smart Car Tech Issues?
"We Take Away Your Tech Frustration and Give You the Free Time You Deserve!"
Call Robert to find how we can help you with all your Technology questions.
We are giving a Free in Person TeQ Seminar at our office in La Mesa every Wednesday from 12pm-1pm and a Free TeQ Support Q&A from 1pm-2pm. Go to https://www.teqiq.com/events for our upcoming Events and https://www.teqiq.com/seminars for info on each Seminar.
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!
