Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

Information

Software Type Plugin
Software Slug email-subscribers (view on wordpress.org)
Software Status Active
Software Author icegram
Software Website www.icegram.com
Software Downloads 10,532,441
Software Active Installs 90,000
Software Record Last Updated May 23, 2024

Showing 1-20 of 24 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization Patched CVE-2024-3626 4.3 Thura Moe Myint (mgthuramoemyint) May 22, 2024
Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request Patched CVE-2024-4010 8.8 Arkadiusz Hydzik May 14, 2024
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection Patched CVE-2024-2876 9.8 Arkadiusz Hydzik April 15, 2024
Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization Patched CVE-2024-31352 5.3 Mika April 5, 2024
Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import Patched CVE-2024-2656 4.4 Peter17 April 5, 2024
Email Subscribers & Newsletters <= 5.7.11 - Reflected Cross-Site Scripting via campaign_id Patched CVE-2024-22300 6.1 Rafie Muhammad March 26, 2024
Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read Patched CVE-2023-5414 9.1 Marco Wotschka October 11, 2023
Icegram Express <= 5.5.2 - Unauthenticated CSV Injection Patched CVE-2022-45810 6.5 Mika February 6, 2023
Icegram Express <= 5.4.19 - Authenticated (Subscriber+) SQL Injection Patched CVE-2022-3981 8.8 Krzysztof Zając November 21, 2022
Email Subscribers & Newsletters <= 5.3.1 - Authenticated (or Cross-Site Request Forgery) Blind SQL Injection Patched CVE-2022-0439 8.8 Krzysztof Zając February 11, 2022
Email Subscribers & Newsletters <= 4.5.5 - Unauthenticated Email Forgery Patched CVE-2020-5780 5.3 Alex Peña September 9, 2020
Icegram Email Subscribers & Newsletters <= 4.5.0 - Authenticated SQL Injection Patched CVE-2020-5768 4.9 Alex Peña July 16, 2020
Icegram Email Subscribers & Newsletters Plugin for WordPress <= 4.5.0 - Cross-Site Request Forgery Patched CVE-2020-5767 8.8 Tenable July 13, 2020
Email Subscribers & Newsletters <= 4.2.2 - Cross-Site Request Forgery on Settings Patched CVE-2019-19981 5.4 Chloe Chamberland November 13, 2019
Email Subscribers & Newsletters <= 4.2.2 - Unauthenticated Option Creation Patched CVE-2019-19982 6.5 Chloe Chamberland November 13, 2019
Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection Patched CVE-2019-20361 8.3 Matt Barry November 13, 2019
Email Subscribers & Newsletters <= 4.2.2 - Unauthenticated File Download w/ Information Disclosure Patched CVE-2019-19985 5.8 Chloe Chamberland November 13, 2019
Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization to Test Email Patched CVE-2019-19980 4.3 Chloe Chamberland November 13, 2019
Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization Patched CVE-2019-19984 6.3 Chloe Chamberland November 13, 2019
Email Subscribers & Newsletters <= 4.1.7 - SQL Injection Patched CVE-2019-13569 9.8 Tin Duong July 22, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation