Icegram Email Subscribers & Newsletters for WordPress
cpe:2.3:a:icegram:email_subscribers_\&_newsletters:-:*:*:*:*:wordpress:*:*
part: a version: - update: *
| Vendor | Icegram (4ca468ee-dbe6-5dc5-9b8a-a191dfaeac5f) |
|---|---|
| Product | Email Subscribers & Newsletters (31756074-9587-59a9-8f60-f55c712d3c25) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-6172 | vulnerable | 2026-06-08 06:58:18.073342 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe<br>CRITICAL (9.8)<br>The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2024-37252 appears to be a duplicate of this issue.<br>Published: 2024-07-02T06:49:42.989Z<br>Updated: 2026-04-08T16:36:38.652Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-5756 | vulnerable | 2026-06-08 06:56:17.285230 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin<br>CRITICAL (9.8)<br>The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.<br>Published: 2024-06-21T04:34:10.900Z<br>Updated: 2026-04-08T17:20:59.520Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-4010 | vulnerable | 2026-06-08 06:50:16.839619 | Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request<br>HIGH (8.8)<br>The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these actions could also be leveraged to conduct PHP Object Injection and SQL Injection attacks.<br>Published: 2024-05-15T08:34:12.914Z<br>Updated: 2026-04-08T16:41:59.939Z | Imported from gcve-enriched-dumps CVE data |