CVE-2024-4010
- EPSS 0.7%
- Published 15.05.2024 09:15:10
- Last modified 21.11.2024 09:42:01
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and includ...
CVE-2024-22300
- EPSS 0.2%
- Published 27.03.2024 06:15:14
- Last modified 21.11.2024 08:56:00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11.
CVE-2022-0439
- EPSS 36.82%
- Published 07.03.2022 09:15:09
- Last modified 21.11.2024 06:38:37
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as...
CVE-2020-5780
- EPSS 0.43%
- Published 10.09.2020 15:15:32
- Last modified 21.11.2024 05:34:35
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing.
CVE-2020-5768
- EPSS 1.05%
- Published 17.07.2020 22:15:11
- Last modified 21.11.2024 05:34:34
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields.
CVE-2020-5767
- EPSS 0.13%
- Published 17.07.2020 22:15:11
- Last modified 21.11.2024 05:34:34
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.
CVE-2019-20361
- EPSS 31.09%
- Published 08.01.2020 06:15:12
- Last modified 21.11.2024 04:38:18
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
CVE-2019-19985
- EPSS 86.72%
- Published 26.12.2019 03:15:11
- Last modified 21.11.2024 04:35:47
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
CVE-2019-19984
- EPSS 0.22%
- Published 26.12.2019 03:15:11
- Last modified 21.11.2024 04:35:47
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
CVE-2019-19982
- EPSS 0.39%
- Published 26.12.2019 03:15:11
- Last modified 21.11.2024 04:35:46
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= ...