Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

Information

Software Type Plugin
Software Slug email-subscribers (view on wordpress.org)
Software Status Active
Software Author icegram
Software Website www.icegram.com
Software Downloads 11,072,204
Software Active Installs 80,000
Software Record Last Updated October 29, 2024

Showing 1-20 of 31 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution Patched CVE-2024-8254 5.4 Arkadiusz Hydzik October 1, 2024
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure Patched CVE-2024-8771 4.3 Michelle Porter September 25, 2024
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization Patched CVE-2024-5703 4.3 Arkadiusz Hydzik July 16, 2024
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe Patched CVE-2024-6172 9.8 shaman0x01 July 1, 2024
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin Patched CVE-2024-5756 9.8 Arkadiusz Hydzik June 20, 2024
Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] Patched CVE-2024-4845 8.8 Arkadiusz Hydzik June 11, 2024
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash Patched CVE-2024-4295 9.8 1337_Wannabe June 4, 2024
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization Patched CVE-2024-3626 4.3 Thura Moe Myint (mgthuramoemyint) May 22, 2024
Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request Patched CVE-2024-4010 8.8 Arkadiusz Hydzik May 14, 2024
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection Patched CVE-2024-2876 9.8 Arkadiusz Hydzik April 15, 2024
Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import Patched CVE-2024-2656 4.4 Peter17 April 5, 2024
Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization Patched CVE-2024-31352 5.3 Mika April 5, 2024
Email Subscribers & Newsletters <= 5.7.11 - Reflected Cross-Site Scripting via campaign_id Patched CVE-2024-22300 6.1 Rafie Muhammad March 26, 2024
Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read Patched CVE-2023-5414 9.1 Marco Wotschka October 11, 2023
Icegram Express <= 5.5.2 - Unauthenticated CSV Injection Patched CVE-2022-45810 6.5 Mika February 6, 2023
Icegram Express <= 5.4.19 - Authenticated (Subscriber+) SQL Injection Patched CVE-2022-3981 8.8 Krzysztof Zając November 21, 2022
Email Subscribers & Newsletters <= 5.3.1 - Authenticated (or Cross-Site Request Forgery) Blind SQL Injection Patched CVE-2022-0439 8.8 Krzysztof Zając February 11, 2022
Email Subscribers & Newsletters <= 4.5.5 - Unauthenticated Email Forgery Patched CVE-2020-5780 5.3 Alex Peña September 9, 2020
Icegram Email Subscribers & Newsletters <= 4.5.0 - Authenticated SQL Injection Patched CVE-2020-5768 4.9 Alex Peña July 16, 2020
Icegram Email Subscribers & Newsletters Plugin for WordPress <= 4.5.0 - Cross-Site Request Forgery Patched CVE-2020-5767 8.8 Tenable July 13, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation