There was a flaw in the WordPress plugin, Email Subscribers & Newsletters prior to 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
icegram email subscribers \\& newsletters |