Blog

This Plugin Could Put Your WordPress Site At Risk

Feb 4, 2022 | Blog

The WP HTML Mail plugin has been installed on more than 20,000 websites. If you’ve built a WordPress site for your business and you use that plugin,  be aware that you are at risk.  A high severity security flaw was recently discovered in the plugin that could allow an attacker to perform a code injection style attack that allows the attacker to send phishing emails to the site’s registered users.

The plugin is popular because it is compatible with a wide range of other plugins including BuddyPress, Ninja Forms, WooCommerce, and others.  The plugin isn’t as wildly popular as many others and doesn’t boast an overly impressive number of total installations. However, many of the sites that do use it have large audiences which means that this flaw puts more people at risk than first meets the eye.

The flaw is being tracked as CVE-2022-0218 and was discovered on December 23rd of last year (2021).  As of now the plugin’s developer has released a patch that addresses the issue.

If you use the plugin check your version number. If you’re using anything earlier than 3.1 update to 3.1 or later right away to protect yourself, your reputation, and the customers who have registered on your site.

The last thing you want is for your company to get a black eye when your customers start complaining about a flood of scam emails that start hitting their inboxes right after they create an account on your site.

Although the plugin developer took nearly a month to address the issue they did address it and we give them kudos for that.  Here’s hoping that if additional security flaws are found in their product they’ll have an even faster response that will help keep their users and the customers of their users safe.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech