Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-20361
HistoryJan 08, 2020 - 6:15 a.m.

CVE-2019-20361

2020-01-0806:15:12
CWE-89
[email protected]
web.nvd.nist.gov
190
wordpress
plugin
email subscribers & newsletters
sql injection
vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.277 Low

EPSS

Percentile

96.8%

JSON

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).

Affected configurations

NVD
Node
icegramemail_subscribers_\&_newslettersRange<4.3.1wordpress

Related

attackerkb 1
zdt 1
wpvulndb 1
githubexploit 1
nvd 1
prion 1
cvelist 1
packetstorm 1
exploitdb 1
rapid7blog 1
attackerkb
attackerkb
CVE-2019-20361
2020-01-08 00:00:00
zdt
zdt
WordPress Email Subscribers & Newsletters 4.2.2 Plugin - (hash) SQL Injection (Unauthenticated)
2020-07-27 00:00:00
wpvulndb
wpvulndb
Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection
2019-11-13 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Icegram Email Subscribers \& Newsletters
2021-03-18 00:22:05
nvd
nvd
CVE-2019-20361
2020-01-08 06:15:12
prion
prion
Sql injection
2020-01-08 06:15:00
cvelist
cvelist
CVE-2019-20361
2020-01-08 05:03:21
packetstorm
packetstorm
WordPress Email Subscribers And Newsletters 4.2.2 SQL Injection
2020-07-27 00:00:00
exploitdb
exploitdb
WordPress Plugin Email Subscribers &amp; Newsletters 4.2.2 - &#039;hash&#039; SQL Injection (Unauthenticated)
2020-07-26 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2020-12-11 17:09:43

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.277 Low

EPSS

Percentile

96.8%

JSON
Related for CVE-2019-20361
attackerkb1zdt1wpvulndb1githubexploit1nvd1prion1cvelist1packetstorm1exploitdb1rapid7blog1