cvebase

Icegram Email Subscribers Newsletters vulnerabilities

28 known vulnerabilities affecting icegram/email_subscribers_newsletters.

Total CVEs: 28
CISA KEV: 0
Public exploits: 4
Exploited in wild: 2
Severity breakdown: CRITICAL 5, HIGH 5, MEDIUM 18

Vulnerabilities

Page 2 of 2
CVE-2024-5703 | P4 | MEDIUM | CVSS 4.3 | fixed in 5.7.27 | 2024-07-17
CVE-2024-5703 [MEDIUM] CWE-862: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to acces
nvd
CVE-2019-19980 | P4 | MEDIUM | CVSS 4.3 | fixed in 4.2.3 | 2019-12-26
CVE-2019-19980 [MEDIUM]: The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send_test_email.
nvd
CVE-2024-8771 | P4 | MEDIUM | CVSS 4.3 | fixed in 5.7.35 | 2024-09-26
CVE-2024-8771 [MEDIUM] CWE-862: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34. This makes it possible for authenticated attacke
nvd
CVE-2019-19981 | P4 | MEDIUM | CVSS 5.4 | fixed in 4.2.3 | 2019-12-26
CVE-2019-19981 [MEDIUM] CWE-352: The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.
nvd
CVE-2024-11636 | P4 | MEDIUM | CVSS 4.8 | fixed in 5.7.45 | 2025-01-13
CVE-2024-11636 [MEDIUM] CWE-20: The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
nvd
CVE-2024-12568 | P4 | MEDIUM | CVSS 4.8 | fixed in 5.7.45 | 2025-01-13
CVE-2024-12568 [MEDIUM] CWE-79: The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
nvd
CVE-2024-12567 | P4 | MEDIUM | CVSS 4.8 | fixed in 5.7.45 | 2025-01-13
CVE-2024-12567 [MEDIUM] CWE-79: The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
nvd
CVE-2024-12566 | P4 | MEDIUM | CVSS 4.8 | fixed in 5.7.45 | 2025-01-13
CVE-2024-12566 [MEDIUM] CWE-79: The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
nvd