52 matches found
CVE-2025-66055 WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.34 is vulnerable to Broken Access Control
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.34 Fixed in 5.7.35 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-8254 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5c96fd3dcc6d Credits Arkadiusz...
CVE-2024-37252
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25...
CVE-2024-37252
CVE-2024-37252 affects WordPress Email Subscribers by Icegram Express plugin (
WordPress Icegram Express plugin <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] vulnerability
Authenticated Subscriber+ SQL Injection Vulnerability via optionslistid vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.22...
CVE-2024-31352 WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.13...
WordPress Icegram Express plugin <= 5.7.14 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Email Subscribers & Newsletters versions = 5.7.14...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.14 is vulnerable to SQL Injection
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.14 Fixed in 5.7.15 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-2876 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9b57a92f98bb Credits Arkadiusz Hydzik Required...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.13 is vulnerable to Broken Access Control
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.13 Fixed in 5.7.14 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31352 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 1e92fe5167c9 Credits Mika Requir...
CVE-2024-22300
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11...
CVE-2024-22300 WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.11 is vulnerable to Cross Site Scripting (XSS)
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.11 Fixed in 5.7.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22300 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 33b39d3a1006 Credits Rafie Muhammad...
WordPress Email Subscribers Plugin < 5.3.2 SQLi Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
Sql injection
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...
CVE-2022-0439
CVE-2022-0439 affects the Email Subscribers & Newsletters WordPress plugin prior to 5.3.2. The vulnerability arises from improper escaping of the order and orderby parameters in the ajax_fetch_report_list action, enabling blind SQL injection. CSRF protection is also absent for this action, allowi...
WordPress plugin Email Subscribers & Newsletters SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the WordPress plugin...
WordPress Plugin 'Email Subscribers & Newsletters' < 4.5.6 Email Forgery/Spoofing Vulnerability.
The WordPress application running on the remote host has a version of the 'Email Subscribers & Newsletters' plugin that is affected by an email forgery/spoofing vulnerability in the class-es-newsletters.php class due to missing authentication for a critical function. An unauthenticated, remote...
WordPress Email Subscribers & Newsletters plugin <= 4.5.5 - Unauthenticated email forgery/spoofing vulnerability
Unauthenticated email forgery/spoofing vulnerability found by Alex Peña in WordPress Email Subscribers & Newsletters plugin versions = 4.5.5. Solution Update the WordPress Email Subscribers & Newsletters plugin to the latest available version at least 4.5.6...
WordPress Plugin 'Email Subscribers & Newsletters' Multiple Vulnerabilities
The WordPress application running on the remote host has a version of the 'Email Subscribers & Newsletters' plugin that is affected by multiple vulnerabilities. - A cross-site request forgery CSRF vulnerability exists in the sendtestemail component. An unauthenticated, remote attacker can exploit...
WordPress Email Subscribers And Newsletters 4.2.2 File Disclosure
Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt Date: 2020-07-20 Exploit Author: KBA@SOGETIESEC Vendor Homepage: https://www.icegram.com/email-subscribers/ Softwar...