Email Subscribers & Newsletters Security Vulnerabilities and Issues — Email Subscribers & Newsletters CVE List

Lucene search

IcegramEmail Subscribers & Newsletters

10 matches found

CVE•added 2024/06/05 6:15 a.m.•83 views

CVE-2024-4295

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it ...

9.8CVSS9.6AI score0.92799EPSS

CVE•added 2024/07/17 8:15 a.m.•61 views

CVE-2024-5703

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated atta...

4.3CVSS4.7AI score0.00115EPSS

CVE•added 2024/06/09 6:15 p.m.•59 views

CVE-2024-31352

Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.13.

9.8CVSS5.7AI score0.00362EPSS

CVE•added 2024/03/27 6:15 a.m.•56 views

CVE-2024-22300

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11.

7.1CVSS7.1AI score0.00147EPSS

CVE•added 2024/07/02 7:15 a.m.•51 views

CVE-2024-6172

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied paramete...

9.8CVSS9.7AI score0.01272EPSS

CVE•added 2024/06/26 11:15 a.m.•49 views

CVE-2024-37252

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25.

9.3CVSS9.7AI score0.00156EPSS

CVE•added 2024/06/21 5:15 a.m.•46 views

CVE-2024-5756

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied paramete...

9.8CVSS9.7AI score0.01097EPSS

CVE•added 2024/10/02 7:15 a.m.•39 views

CVE-2024-8254

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does...

6.3CVSS6.5AI score0.00246EPSS

CVE•added 2024/09/26 4:15 p.m.•32 views

CVE-2024-8771

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5...

4.3CVSS4.8AI score0.0015EPSS

CVE•added 2024/05/15 9:15 a.m.•31 views

CVE-2024-4010

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authentic...

8.8CVSS9.4AI score0.00609EPSS