Description
WordPress Plugin WP Email Template is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. Attacker supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible. WordPress Plugin WP Email Template version 2.2.10 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.3.0 or latest
References
https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/
https://plugins.svn.wordpress.org/wp-email-template/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Advanced AJAX Page Loader Cross-Site Request Forgery (2.7.7)
WordPress Plugin Another WordPress Classifieds Unspecified Vulnerability (1.8.9.4)
MySQL CVE-2021-35628 Vulnerability (CVE-2021-35628)
e107 Other Vulnerability (CVE-2004-2028)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37147)