Icegram Email_subscribers_&_newsletters
25 CVEs affecting Icegram Email_subscribers_&_newsletters. Latest disclosed: 2025-01-13. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-6172 | Critical | 9.8 | 2024-07-02 | The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-base… |
| CVE-2024-4295 | Critical | 9.8 | 2024-06-05 | The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7… |
| CVE-2019-20361 | Critical | 9.8 | 2020-01-08 | There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash pa… |
| CVE-2019-13569 | Critical | 9.8 | 2019-07-19 | A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnera… |
| CVE-2022-3981 | High | 8.8 | 2022-12-12 | The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL inject… |
| CVE-2022-0439 | High | 8.8 | 2022-03-07 | The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list… |
| CVE-2018-6015 | High | 7.5 | 2018-01-26 | An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at t… |
| CVE-2024-12311 | Medium | 6.5 | 2025-01-06 | The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing… |
| CVE-2020-5767 | Medium | 6.5 | 2020-07-17 | Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking le… |
| CVE-2019-19984 | Medium | 6.3 | 2019-12-26 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and ema… |
| CVE-2019-14364 | Medium | 6.1 | 2019-07-28 | An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publi… |
| CVE-2024-8254 | Medium | 5.4 | 2024-10-02 | The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary… |
| CVE-2019-19981 | Medium | 5.4 | 2019-12-26 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. |
| CVE-2024-31352 | Medium | 5.3 | 2024-06-09 | Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.13. |
| CVE-2020-5780 | Medium | 5.3 | 2020-09-10 | Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenti… |
| CVE-2019-19985 | Medium | 5.3 | 2019-12-26 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. |
| CVE-2019-19982 | Medium | 5.3 | 2019-12-26 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulne… |
| CVE-2020-5768 | Medium | 4.9 | 2020-07-17 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 all… |
| CVE-2024-12568 | Medium | 4.8 | 2025-01-13 | The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high pri… |
| CVE-2024-12567 | Medium | 4.8 | 2025-01-13 | The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privile… |