Description
WordPress Plugin WP Email Template is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. Attacker supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible. WordPress Plugin WP Email Template version 2.2.10 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.3.0 or latest
References
https://blog.nintechnet.com/multiple-wordpress-plugins-vulnerable-to-html-injection/
https://plugins.svn.wordpress.org/wp-email-template/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin MailPoet Newsletters (Previous) Multiple Vulnerabilities (2.7.2)
WordPress Plugin Activity Log Information Disclosure (2.2.12)
Joomla! Core 3.0.x Clickjacking Vulnerability (3.0.0 - 3.0.1)
Internet Information Services Other Vulnerability (CVE-1999-0191)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1023)