5 matches found
CVE-2024-4295
creationtimestamp| type| source ---|---|--- 2024-06-05 10:32:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/7530 2024-06-06 17:36:36+00:00| published-proof-of-concept| https://t.me/HackingInsights/1803 2024-08-30 06:52:02+00:00| published-proof-of-concept|...
CVE-2024-4295
CVE-2024-4295 affects the WordPress plugin Email Subscribers by Icegram Express . It is an unauthenticated SQL injection via the hash parameter in all versions up to 5.7.20 caused by insufficient escaping and poor SQL query preparation. Exploitation could enable attackers to append additional SQL...
CVE-2024-4295 Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
WordPress Email Subscribers & Newsletters Plugin <= 5.7.20 is vulnerable to SQL Injection
Software Email Subscribers & Newsletters Type Plugin Vulnerable versions = 5.7.20 Fixed in 5.7.21 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-4295 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 50be2b9566fd Credits 1337Wannabe Required privilege...
CVE-2024-4579
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-4295. Reason: This candidate is a reservation duplicate of CVE-2024-4295. Notes: All CVE users should reference CVE-2024-4295 instead of this candidate. All references and descriptions in this candidate have been remov...