Icegram

Email Subscribers & Newsletters

22 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.43%
  • Published 10.09.2020 15:15:32
  • Last modified 21.11.2024 05:34:35

Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing.

Exploit
  • EPSS 1.05%
  • Published 17.07.2020 22:15:11
  • Last modified 21.11.2024 05:34:34

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields.

Exploit
  • EPSS 0.13%
  • Published 17.07.2020 22:15:11
  • Last modified 21.11.2024 05:34:34

Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.

Exploit
  • EPSS 28.12%
  • Published 08.01.2020 06:15:12
  • Last modified 21.11.2024 04:38:18

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).

Exploit
  • EPSS 79.6%
  • Published 26.12.2019 03:15:11
  • Last modified 21.11.2024 04:35:47

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.

Exploit
  • EPSS 0.22%
  • Published 26.12.2019 03:15:11
  • Last modified 21.11.2024 04:35:47

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.

Exploit
  • EPSS 0.39%
  • Published 26.12.2019 03:15:11
  • Last modified 21.11.2024 04:35:46

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= ...

Exploit
  • EPSS 0.14%
  • Published 26.12.2019 03:15:11
  • Last modified 21.11.2024 04:35:46

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.

Exploit
  • EPSS 0.21%
  • Published 26.12.2019 03:15:11
  • Last modified 21.11.2024 04:35:46

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This ...

  • EPSS 0.26%
  • Published 28.07.2019 18:15:11
  • Last modified 21.11.2024 04:26:35

An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter...