Icegram Email_subscribers_&_newsletters

25 CVEs affecting Icegram Email_subscribers_&_newsletters. Latest disclosed: 2025-01-13. Critical: 4, High: 3.

Top CVEs affecting Icegram Email_subscribers_&_newsletters

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-6172 | Critical | 9.8 | 2024-07-02 | The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-base… |
| CVE-2024-4295 | Critical | 9.8 | 2024-06-05 | The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7… |
| CVE-2019-20361 | Critical | 9.8 | 2020-01-08 | There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash pa… |
| CVE-2019-13569 | Critical | 9.8 | 2019-07-19 | A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnera… |
| CVE-2022-3981 | High | 8.8 | 2022-12-12 | The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL inject… |
| CVE-2022-0439 | High | 8.8 | 2022-03-07 | The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list… |
| CVE-2018-6015 | High | 7.5 | 2018-01-26 | An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at t… |
| CVE-2024-12311 | Medium | 6.5 | 2025-01-06 | The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing… |
| CVE-2020-5767 | Medium | 6.5 | 2020-07-17 | Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking le… |
| CVE-2019-19984 | Medium | 6.3 | 2019-12-26 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and ema… |
| CVE-2019-14364 | Medium | 6.1 | 2019-07-28 | An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publi… |
| CVE-2024-8254 | Medium | 5.4 | 2024-10-02 | The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary… |
| CVE-2019-19981 | Medium | 5.4 | 2019-12-26 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. |
| CVE-2024-31352 | Medium | 5.3 | 2024-06-09 | Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.13. |
| CVE-2020-5780 | Medium | 5.3 | 2020-09-10 | Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenti… |
| CVE-2019-19985 | Medium | 5.3 | 2019-12-26 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. |
| CVE-2019-19982 | Medium | 5.3 | 2019-12-26 | The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulne… |
| CVE-2020-5768 | Medium | 4.9 | 2020-07-17 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 all… |
| CVE-2024-12568 | Medium | 4.8 | 2025-01-13 | The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high pri… |
| CVE-2024-12567 | Medium | 4.8 | 2025-01-13 | The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privile… |