3 matches found
Exploit for SQL Injection in Icegram Email_Subscribers_\&_Newsletters
CVE-2022-0439 CVE-2022-0439 - Email Subscribers & Newslett...
CVE-2022-0439
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...
CVE-2022-0439
CVE-2022-0439 affects the Email Subscribers & Newsletters WordPress plugin prior to 5.3.2. The vulnerability arises from improper escaping of the order and orderby parameters in the ajax_fetch_report_list action, enabling blind SQL injection. CSRF protection is also absent for this action, allowi...