CVE-2021-20779

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in WordPress Email Template Designer - WP HTML Mail plugin allows attackers to trick administrators into performing unintended actions by crafting malicious requests. Administrators of WordPress sites using vulnerable plugin versions are affected, potentially leading to unauthorized changes.

💻 Affected Systems

Products:
  • WordPress Email Template Designer - WP HTML Mail
Versions: All versions prior to 3.0.8
Operating Systems: All platforms running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation relies on a logged-in WordPress administrator being tricked into issuing the forged request; the default plugin configuration is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could ride an administrator's authenticated browser session to modify plugin settings, inject malicious content, or compromise the WordPress site entirely through privilege escalation.

🟠

Likely Case

Attackers modify email templates or plugin settings to facilitate phishing campaigns, spam distribution, or inject malicious content into outgoing emails.

🟢

If Mitigated

With proper CSRF protections and user awareness, impact is limited to unsuccessful attack attempts with no actual compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easily weaponized, though specific exploit details for this vulnerability are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.8

Vendor Advisory: https://wordpress.org/plugins/wp-html-mail/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Email Template Designer - WP HTML Mail'.
4. Click 'Update Now' if available, or manually update to version 3.0.8+.
5. Verify the update completes successfully.

🔧 Temporary Workarounds

CSRF Protection Headers (platform: all)

Implement additional CSRF protection via security plugins or web application firewalls.

Temporary Plugin Deactivation (platform: linux)

Deactivate the plugin until patched if email template functionality is not critical:

    wp plugin deactivate wp-html-mail

🧯 If You Can't Patch

  • Implement strict referrer policy and CSRF tokens via security plugins
  • Restrict administrator access to trusted networks only and enforce multi-factor authentication

🔍 How to Verify

Check if Vulnerable:

In WordPress admin → Plugins → Installed Plugins, find WP HTML Mail and check whether the installed version is below 3.0.8.

Check Version:

wp plugin get wp-html-mail --field=version

Verify Fix Applied:

Confirm plugin version is 3.0.8 or higher in WordPress plugins list

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrator actions without corresponding user sessions
  • Multiple failed CSRF token validations

Network Indicators:

  • POST requests to wp-html-mail admin endpoints without proper referrer headers

SIEM Query (pseudo-syntax; adapt field names and operators to your platform):

source="wordpress.log" AND "wp-html-mail" AND ("admin" OR "settings") AND status=200 AND referrer NOT CONTAINS own_domain
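The network indicator and SIEM query above both reduce to the same check: a successful POST to a wp-html-mail admin endpoint whose Referer is missing or points outside the site's own domain. The script below, an added example that is not part of this advisory, applies that check to access-log lines in the common "combined" format. The log lines, the hostnames (example.org, attacker.invalid) and the path pattern are constructed for illustration and are assumptions, not real traffic or the plugin's actual endpoints.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in Apache/Nginx "combined" log format.
# Not real traffic: the hosts, IPs and paths are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2021:12:00:01 +0000] "POST /wp-admin/admin.php?page=wp-html-mail HTTP/1.1" 200 512 "https://example.org/wp-admin/admin.php?page=wp-html-mail" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2021:12:00:07 +0000] "POST /wp-admin/admin.php?page=wp-html-mail HTTP/1.1" 200 512 "https://attacker.invalid/lure.html" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2021:12:00:09 +0000] "POST /wp-admin/admin.php?page=wp-html-mail HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2021:12:00:11 +0000] "GET /wp-admin/admin.php?page=wp-html-mail HTTP/1.1" 200 2048 "https://attacker.invalid/lure.html" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2021:12:00:15 +0000] "POST /wp-admin/admin.php?page=wp-html-mail HTTP/1.1" 403 120 "https://attacker.invalid/lure.html" "Mozilla/5.0"
"""

# One "combined" log line: ip ident user [ts] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_cross_site_admin_post(entry, own_host, plugin_marker="wp-html-mail"):
    """True when a successful POST to a plugin admin endpoint carries no Referer
    or a Referer from another host. A CSRF request rides the victim's own
    session cookie, so the Referer/Origin is the main signal left in the log."""
    if entry["method"] != "POST":
        return False
    if not entry["path"].startswith("/wp-admin/"):
        return False
    if plugin_marker not in entry["path"]:
        return False
    if entry["status"] != "200":
        return False
    referer = entry["referer"]
    if referer in ("", "-"):
        # Missing Referer: flag it, but browsers also strip Referer for privacy,
        # so treat this as lower confidence than a foreign host.
        return True
    host = urlparse(referer).hostname or ""
    return host.lower() != own_host.lower()


def find_suspicious(log_text, own_host):
    """Return (ip, timestamp, referer) for every line matching the indicator."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_cross_site_admin_post(entry, own_host):
            hits.append((entry["ip"], entry["ts"], entry["referer"]))
    return hits


if __name__ == "__main__":
    for ip, ts, ref in find_suspicious(SAMPLE_LOG, "example.org"):
        print(f"{ts} {ip} cross-site POST to wp-html-mail admin page, referer={ref!r}")
```

Of the five constructed lines only the second (foreign Referer) and third (no Referer) are reported: the first comes from the site's own domain, the fourth is a GET, and the fifth was rejected with 403 rather than accepted. Treat a hit as a lead to correlate with the administrator's session activity, not as proof of compromise.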
