CVE-2022-0439

Published: 07/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

The Email Subscribers & Newsletters WordPress plugin prior to 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing a malicious user to trick any logged-in user into performing the action by clicking a link.

Vulnerable Product

icegram email subscribers & newsletters

Github Repositories

CVE-2022-0439 - Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection

Must have sqlmap installed and a valid username and password with Subscriber+ role.

Usage:

usage: CVE-2022-0439.py [-h] -w URL -u USERNAME -p PASSWORD

options:
  -h, --help                 show this help message and exit
  -w URL, --url URL          URL of the Word