Lucene search
K
IcegramEmail Subscribers & Newsletters

25 matches found

cve
cve
added 2019/07/19 10:26 p.m.248 views

CVE-2019-13569

The CVE-2019-13569 entry concerns the Icegram Email Subscribers & Newsletters plugin for WordPress, affected through version 4.1.7. The connected sources describe a SQL injection bug caused by improper sanitization of user input, enabling a remote attacker to execute arbitrary SQL commands on the...

10CVSS9.8AI score0.03679EPSS
cve
cve
added 2020/01/08 5:3 a.m.230 views

CVE-2019-20361

CVE-2019-20361 affects the WordPress plugin Email Subscribers & Newsletters (before 4.3.1). A blind, time-based SQL injection exists via the hash parameter, enabling SQL statements to be passed to the database. Public disclosures and PoCs exist (e.g., Exploit-DB 48699, Metasploit module for a Wor...

9.8CVSS9.6AI score0.8511EPSS
cve
cve
added 2019/12/26 2:25 a.m.214 views

CVE-2019-19985

CVE-2019-19985 concerns the WordPress plugin Email Subscribers & Newsletters (before 4.2.3). The issue allows unauthenticated arbitrary file retrieval, enabling file download and user information disclosure. Connections in the provided documents confirm the vulnerability affects versions prior to...

5.8CVSS5.1AI score0.71399EPSS
Web
cve
cve
added 2024/06/05 5:33 a.m.127 views

CVE-2024-4295

CVE-2024-4295 affects the WordPress plugin Email Subscribers by Icegram Express . It is an unauthenticated SQL injection via the hash parameter in all versions up to 5.7.20 caused by insufficient escaping and poor SQL query preparation. Exploitation could enable attackers to append additional SQL...

9.8CVSS9.6AI score0.10161EPSS
Web
cve
cve
added 2019/07/28 5:43 p.m.126 views

CVE-2019-14364

The CVE-2019-14364 entry describes a Cross-Site Scripting (XSS) vulnerability in the WordPress Email Subscribers & Newsletters plugin version 4.1.6. The issue arises from a malicious input via the esfpx_name parameter on the wp-admin/admin-ajax.php endpoint, exposed through a publicly accessible ...

6.1CVSS6AI score0.0133EPSS
Web
cve
cve
added 2022/03/07 8:16 a.m.118 views

CVE-2022-0439

CVE-2022-0439 affects the Email Subscribers & Newsletters WordPress plugin prior to 5.3.2. The vulnerability arises from improper escaping of the order and orderby parameters in the ajax_fetch_report_list action, enabling blind SQL injection. CSRF protection is also absent for this action, allowi...

8.8CVSS9AI score0.04184EPSS
Web
cve
cve
added 2019/12/26 2:26 a.m.88 views

CVE-2019-19981

CVE-2019-19981 affects the WordPress plugin Email Subscribers & Newsletters (before 4.2.3). The vulnerability is a CSRF flaw that can be exploited to impact all plugin settings. Remediation observed in public sources is to update to version 4.2.3 or later. Additional connected feeds note broader ...

5.4CVSS5.6AI score0.00557EPSS
cve
cve
added 2019/12/26 2:25 a.m.88 views

CVE-2019-19982

The CVE-2019-19982 entry concerns the WordPress plugin Email Subscribers & Newsletters prior to version 4.2.3 . The vulnerability allows unauthenticated option creation when an attacker sends a request to /wp-admin/admin-post.php?es_skip=1&option_name= , enabling modification of plugin options wi...

6.5CVSS5.5AI score0.01248EPSS
Web
cve
cve
added 2019/12/26 2:26 a.m.86 views

CVE-2019-19980

The CVE-2019-19980 entry concerns the WordPress plugin Email Subscribers & Newsletters prior to version 4.2.3. Root cause: the plugin registers a wp_ajax send_test_email function, enabling a privilege-bypass that lets authenticated users (Subscriber and higher) send test emails from the admin das...

4.3CVSS4.9AI score0.01016EPSS
cve
cve
added 2024/07/17 7:32 a.m.85 views

CVE-2024-5703

The CVE CVE-2024-5703 affects the WordPress plugin Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce (versions up to 5.7.26). The issue is a missing capability check that permits unauthorized API access to the plugin’s API (if enabled) by ...

4.3CVSS4.7AI score0.00378EPSS
cve
cve
added 2019/12/26 2:25 a.m.82 views

CVE-2019-19984

The CVE-2019-19984 entry describes a vulnerability in the WordPress plugin Email Subscribers & Newsletters before version 4.2.3 where users with edit_post privileges could manage plugin settings and email campaigns. The issue is a privilege/AC (access control) weakness allowing low-privilege user...

6.5CVSS6.2AI score0.00968EPSS
cve
cve
added 2024/07/02 6:49 a.m.81 views

CVE-2024-6172

CVE-2024-6172 affects the Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin. Root cause: insufficient escaping and inadequate query preparation on the db parameter; enables time-based SQL injection. Affected versions: all up to 5.7....

9.8CVSS5.9AI score0.0114EPSS
cve
cve
added 2024/06/09 5:23 p.m.80 views

CVE-2024-31352

CVE-2024-31352 : WordPress plugin Email Subscribers by Icegram Express (Email Subscribers & Newsletters) up to version 5.7.13 is affected by a Missing Authorization vulnerability that allows unauthorized access. Root cause is missing authorization checks. A patch/update beyond 5.7.13 exists; and ...

9.8CVSS5.7AI score0.00386EPSS
cve
cve
added 2022/12/12 5:54 p.m.76 views

CVE-2022-3981

The CVE-2022-3981 entry concerns the Icegram Express WordPress plugin prior to version 5.5.1. Affected component: the plugin’s SQL statements, where improper sanitization/escaping of a parameter enables a SQL injection. Root cause: unsanitized input used in SQL queries; impact: high (CVE details ...

8.8CVSS8.9AI score0.00742EPSS
Web
cve
cve
added 2020/07/17 9:22 p.m.67 views

CVE-2020-5767

CVE-2020-5767 concerns a cross-site request forgery in the WordPress plugin “Email Subscribers & Newsletters” by Icegram, specifically version 4.4.8. The vulnerability allows a remote attacker to cause the affected WordPress user to send forged emails by tricking them into visiting a crafted link...

6.5CVSS6.4AI score0.00917EPSS
Web
cve
cve
added 2020/09/10 2:10 p.m.61 views

CVE-2020-5780

The CVE-2020-5780 entry concerns the WordPress plugin Icegram Email Subscribers & Newsletters. Affected version(s) are prior to 4.5.6, where a vulnerability in the class-es-newsletters.php allows an unauthenticated, remote attacker to forge/spoof emails via an unauthenticated AJAX request to an a...

5.3CVSS5.2AI score0.01634EPSS
Web
cve
cve
added 2024/10/02 6:46 a.m.59 views

CVE-2024-8254

CVE-2024-8254 affects the Email Subscribers by Icegram Express for WordPress (

6.3CVSS6.5AI score0.00495EPSS
cve
cve
added 2025/01/06 6:0 a.m.56 views

CVE-2024-12311

CVE-2024-12311 affects Icegram Express (Email Subscribers by Icegram Express) for WordPress. The vulnerability is an SQL injection in the plugin’s handling of a parameter that is not properly sanitized/escaped before being used in an SQL statement. This could allow an authenticated admin to manip...

6.5CVSS7.2AI score0.00608EPSS
cve
cve
added 2020/07/17 9:22 p.m.49 views

CVE-2020-5768

CVE-2020-5768 targets the WordPress plugin Icegram Email Subscribers & Newsletters (v4.4.8) . The flaw is an authenticated SQL injection in the es_newsletters_settings_callback component, caused by improper sanitization, enabling a remote, logged-in attacker to infer database field values. This a...

4.9CVSS5.5AI score0.01966EPSS
Web
cve
cve
added 2024/09/26 3:30 p.m.48 views

CVE-2024-8771

CVE-2024-8771 (Email Subscribers by Icegram Express) : The WordPress plugin versions up to 5.7.34 allow unauthorized data access due to a missing capability check in the preview_email_template_design function. With Subscriber-level access and above, authenticated attackers can extract content fro...

4.3CVSS4.8AI score0.00361EPSS
cve
cve
added 2018/01/26 8:0 p.m.46 views

CVE-2018-6015

The CVE-2018-6015 issue affects WordPress Email Subscribers & Newsletters plugin prior to v3.4.8. An attacker can trigger an information-disclosure by sending an HTTP POST to a URI ending with /?es=export and including option=view_all_subscribers in the body, which allows downloading a CSV contai...

7.5CVSS7.4AI score0.03216EPSS
cve
cve
added 2025/01/13 6:0 a.m.33 views

CVE-2024-11636

CVE-2024-11636 affects the Email Subscribers by Icegram Express WordPress plugin prior to 5.7.45. The issue is that certain Text Block options are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisi...

4.8CVSS5.4AI score0.00312EPSS
cve
cve
added 2025/01/13 6:0 a.m.31 views

CVE-2024-12566

CVE-2024-12566 affects the WordPress plugin Icegram Express (formerly Email Subscribers) for versions before 5.7.45. The issue is an admin+ stored XSS vulnerability caused by insufficient sanitisation/escaping of certain form settings, potentially enabling an admin to inject scripts even when unf...

4.8CVSS5.4AI score0.00292EPSS
cve
cve
added 2025/01/13 6:0 a.m.31 views

CVE-2024-12568

CVE-2024-12568 affects the WordPress plugin “Email Subscribers by Icegram Express” (pre-5.7.45). The issue is a Stored XSS vulnerability caused by insufficient sanitization/escaping of Workflow settings, exploitable by high-privilege users (e.g., admins), and can occur even when unfiltered_html i...

4.8CVSS5.4AI score0.00292EPSS
cve
cve
added 2025/01/13 6:0 a.m.26 views

CVE-2024-12567

CVE-2024-12567 – Icegram Express Email Subscribers (WP plugin) prior to 5.7.45 stores and escapes settings poorly, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disabled. Impact described in sources as admin-level Stored XSS within form settings, multisit...

4.8CVSS5.4AI score0.00292EPSS