Technology Tips

February 04, 2022

This Plugin Could Put Your WordPress Site At Risk

Written By Securafy Team

The WP HTML Mail plugin has been installed on more than 20,000 websites. If you've built a WordPress site for your business and you use that plugin,  be aware that you are at risk.  A high severity security flaw was recently discovered in the plugin that could allow an attacker to perform a code injection style attack that allows the attacker to send phishing emails to the site's registered users.

The plugin is popular because it is compatible with a wide range of other plugins including BuddyPress, Ninja Forms, WooCommerce, and others.  The plugin isn't as wildly popular as many others and doesn't boast an overly impressive number of total installations. However, many of the sites that do use it have large audiences which means that this flaw puts more people at risk than first meets the eye.

The flaw is being tracked as CVE-2022-0218 and was discovered on December 23rd of last year (2021).  As of now the plugin's developer has released a patch that addresses the issue.

If you use the plugin check your version number. If you're using anything earlier than 3.1 update to 3.1 or later right away to protect yourself, your reputation, and the customers who have registered on your site.

The last thing you want is for your company to get a black eye when your customers start complaining about a flood of scam emails that start hitting their inboxes right after they create an account on your site.

Although the plugin developer took nearly a month to address the issue they did address it and we give them kudos for that.  Here's hoping that if additional security flaws are found in their product they'll have an even faster response that will help keep their users and the customers of their users safe.

Picture of Securafy Team
About The Author
Our team at Securafy brings you the best tech tips, from how-to guides and troubleshooting advice to software reviews and productivity hacks. We're all about empowering businesses with the tools and knowledge they need to thrive in the digital world. Follow our posts to stay equipped with practical insights that make tech work for you.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.