Lucene search

CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request

🗓️ 15 May 2024 08:12:34Reported by WordfenceType

Email Subscribers by Icegram Express plugin <= 5.7.19 unauthorized access vulnerabilit

Reporter	Title	Published	Views	Family All 6
Patchstack	WordPress Email Subscribers & Newsletters Plugin <= 5.7.19 is vulnerable to Broken Access Control	15 May 202400:00	–	patchstack
Vulnrichment	CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request	15 May 202408:34	–	vulnrichment
NVD	CVE-2024-4010	15 May 202409:15	–	nvd
WPVulnDB	Email Subscribers by Icegram Express < 5.7.20 - Missing Authorization in handle_ajax_request	14 May 202400:00	–	wpvulndb
CVE	CVE-2024-4010	15 May 202409:15	–	cve
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)	23 May 202415:00	–	wordfence

[
  {
    "vendor": "icegram",
    "product": "Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "5.7.19",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3083762/email-subscribers
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/23bfcdd1-b99d-47eb-9f88-96f9ecc53b32

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 May 2024 08:34Current

9High risk

Vulners AI Score9

CVSS38.8

EPSS0.00043