Published: 02/05/2024 Updated: 02/05/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated malicious users to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Blind SQLi exploit for CVE-2024-2876. a vulnerability effecting the Icegram express - Email subscribers plugin for wordpress.

CVE-2024-2876 Blind SQLi exploit for CVE-2024-2876 a vulnerability effecting the Icegram express - Email subscribers plugin for wordpress

https://www.wordfence.com/threat-intel/vulnerabilities/id/e0ca6ac4-0d89-4601-94fc-cce5a0af9c56?source=cve https://github.com/WordpressPluginDirectory/email-subscribers/blob/main/email-subscribers/lite/includes/classes/class-ig-es-subscriber-query.php#L304 https://github.com/WordpressPluginDirectory/email-subscribers/blob/main/email-subscribers/lite/admin/class-email-subscribers-admin.php#L1433 https://plugins.trac.wordpress.org/changeset/3060251/email-subscribers/trunk/lite/includes/classes/class-ig-es-subscriber-query.php https://nvd.nist.gov https://github.com/c0d3zilla/CVE-2024-2876

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-2876

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect