350 matches found

Nuclei
added 8 hours ago, 56 views

Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash

Email Subscribers by Icegram Express <= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter. id: CVE-2024-4295 info: name: Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash author: iamnoooob,rootxharsh,pdresearch severity:...

9.8 CVSS, 7.3 AI score, 0.10161 EPSS
Exploits: 1, References: 4
Nuclei
added 8 hours ago, 22 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8 CVSS, 7.4 AI score, 0.04184 EPSS
Exploits: 3, References: 2
Cvelist
added 12 hours ago, 10 views

CVE-2026-11592 Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3 CVSS
Exploits: 0, References: 12
CVE
added 12 hours ago, 10 views

CVE-2026-11592

The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...

4.3 CVSS, 5.9 AI score
Exploits: 0, References: 12
Patchstack
added yesterday, 4 views

WordPress Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability

Missing Authorization to Authenticated Contributor+ Settings Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Email Subscribers & Newsletters versions <= 5.9.27...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 1, Affected Software: 1
Nuclei
added yesterday, 226 views

WordPress Email Subscribers by Icegram Express - SQL Injection

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient escaping ...

9.8 CVSS, 7.6 AI score, 0.80596 EPSS
Exploits: 4, References: 2
RedhatCVE
added 2026/03/05 1:57 a.m., 7 views

CVE-2026-1651

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5 CVSS, 6 AI score, 0.00368 EPSS
Exploits: 0, References: 1
EUVD
added 2026/03/04 3:31 a.m., 7 views

EUVD-2026-9350

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5 CVSS, 6 AI score, 0.00368 EPSS
Exploits: 0, References: 7
NVD
added 2026/03/04 2:15 a.m., 6 views

CVE-2026-1651

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5 CVSS, 0.00368 EPSS
Exploits: 0, References: 6
Vulnrichment
added 2026/03/04 1:22 a.m., 2 views

CVE-2026-1651 Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5 CVSS, 6 AI score, 0.00368 EPSS
Exploits: 0, References: 6
Cvelist
added 2026/03/04 1:22 a.m., 33 views

CVE-2026-1651 Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5 CVSS, 0.00368 EPSS
Exploits: 0, References: 6
CVE
added 2026/03/04 1:22 a.m., 25 views

CVE-2026-1651

CVE-2026-1651 affects the WordPress plugin Email Subscribers & Newsletters (Icegram Express) up to version 5.9.16. The vulnerability is an SQL Injection via the workflow_ids parameter due to insufficient escaping and improper preparation of the SQL query. Exploitation requires authenticated admin...

6.5 CVSS, 6 AI score, 0.00368 EPSS
Exploits: 0, References: 6
ATTACKERKB
added 2026/03/04 1:22 a.m., 4 views

CVE-2026-1651

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5 CVSS, 6 AI score, 0.00368 EPSS
Exploits: 0, References: 7
CNNVD
added 2026/03/04 12:0 a.m., 8 views

WordPress plugin Email Subscribers by Icegram Express security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5 CVSS, 5.8 AI score, 0.00368 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/03/04 12:0 a.m., 8 views

PT-2026-22857

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5 CVSS, 6 AI score, 0.00368 EPSS
Exploits: 0, References: 7
Patchstack
added 2026/03/03 11:44 p.m., 8 views

WordPress Email Subscribers & Newsletters plugin <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'workflow_ids' Parameter vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Email Subscribers & Newsletters versions <= 5.9.16...

6.5 CVSS, 6 AI score, 0.00368 EPSS
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 2026/03/02 12:0 a.m., 124 views

WordPress Email Subscribers 5.7.14 SQL Injection

WordPress Email Subscribers plugin version 5.7.14 remote SQL injection proof of concept exploit. Title: wordpress Email Subscribers 5.7.14 Sql Injection...

9.8 CVSS, 6 AI score, 0.80596 EPSS
Exploits: 4
RedhatCVE
added 2026/01/09 10:45 a.m., 8 views

CVE-2022-0439

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8 CVSS, 7.8 AI score, 0.04184 EPSS
Exploits: 3, References: 1
Patchstack
added 2025/12/31 12:0 a.m., 6 views

WordPress Email Subscribers plugin < 5.7.45 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions < 5.7.45...

4.8 CVSS, 5.9 AI score, 0.00292 EPSS
Exploits: 1, References: 1, Affected Software: 1