Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

Software Type	Plugin
Software Slug	email-subscribers (view on wordpress.org)
Software Status	Active
Software Author	icegram
Software Website	www.icegram.com
Software Downloads	10,789,440
Software Active Installs	90,000
Software Record Last Updated	July 26, 2024

Showing 1-20 of 29 Vulnerabilities

Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization

4.3

CVE-2024-5703

Jul 16, 2024

Researcher: Arkadiusz Hydzik

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe

9.8

CVE-2024-6172

Jul 1, 2024

Researcher: shaman0x01

Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin

9.8

CVE-2024-5756

Jun 20, 2024

Researcher: Arkadiusz Hydzik

Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id]

8.8

CVE-2024-4845

Jun 11, 2024

Researcher: Arkadiusz Hydzik

Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash

9.8

CVE-2024-4295

Jun 4, 2024

Researcher: 1337_Wannabe

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization

4.3

CVE-2024-3626

May 22, 2024

Researcher: Thura Moe Myint (mgthuramoemyint)

Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request

8.8

CVE-2024-4010

May 14, 2024

Researcher: Arkadiusz Hydzik

Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection

9.8

CVE-2024-2876

Apr 15, 2024

Researcher: Arkadiusz Hydzik

Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization

5.3

CVE-2024-31352

Apr 5, 2024

Researcher: Mika

Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import

4.4

CVE-2024-2656

Apr 5, 2024

Researcher: Peter17

Email Subscribers & Newsletters <= 5.7.11 - Reflected Cross-Site Scripting via campaign_id

6.1

CVE-2024-22300

Mar 26, 2024

Researcher: Rafie Muhammad

Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read

9.1

CVE-2023-5414

Oct 11, 2023

Researcher: Marco Wotschka

Icegram Express <= 5.5.2 - Unauthenticated CSV Injection

6.5

CVE-2022-45810

Feb 6, 2023

Researcher: Mika

Icegram Express <= 5.4.19 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2022-3981

Nov 21, 2022

Researcher: Krzysztof Zając

Email Subscribers & Newsletters <= 5.3.1 - Authenticated (or Cross-Site Request Forgery) Blind SQL Injection

8.8

CVE-2022-0439

Feb 11, 2022

Researcher: Krzysztof Zając

Email Subscribers & Newsletters <= 4.5.5 - Unauthenticated Email Forgery

5.3

CVE-2020-5780

Sep 9, 2020

Researcher: Alex Peña

Icegram Email Subscribers & Newsletters <= 4.5.0 - Authenticated SQL Injection

4.9

CVE-2020-5768

Jul 16, 2020

Researcher: Alex Peña

Icegram Email Subscribers & Newsletters Plugin for WordPress <= 4.5.0 - Cross-Site Request Forgery

8.8

CVE-2020-5767

Jul 13, 2020

Researcher: Tenable

Email Subscribers & Newsletters <= 4.2.2 - Unauthenticated Option Creation

6.5

CVE-2019-19982

Nov 13, 2019

Researcher: Chloe Chamberland

Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection

8.3

CVE-2019-20361

Nov 13, 2019

Researcher: Matt Barry

Title	Status	CVE ID	CVSS	Researchers	Date
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization	Patched	CVE-2024-5703	4.3	Arkadiusz Hydzik	July 16, 2024
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe	Patched	CVE-2024-6172	9.8	shaman0x01	July 1, 2024
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin	Patched	CVE-2024-5756	9.8	Arkadiusz Hydzik	June 20, 2024
Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id]	Patched	CVE-2024-4845	8.8	Arkadiusz Hydzik	June 11, 2024
Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash	Patched	CVE-2024-4295	9.8	1337_Wannabe	June 4, 2024
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization	Patched	CVE-2024-3626	4.3	Thura Moe Myint (mgthuramoemyint)	May 22, 2024
Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request	Patched	CVE-2024-4010	8.8	Arkadiusz Hydzik	May 14, 2024
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection	Patched	CVE-2024-2876	9.8	Arkadiusz Hydzik	April 15, 2024
Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization	Patched	CVE-2024-31352	5.3	Mika	April 5, 2024
Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import	Patched	CVE-2024-2656	4.4	Peter17	April 5, 2024
Email Subscribers & Newsletters <= 5.7.11 - Reflected Cross-Site Scripting via campaign_id	Patched	CVE-2024-22300	6.1	Rafie Muhammad	March 26, 2024
Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read	Patched	CVE-2023-5414	9.1	Marco Wotschka	October 11, 2023
Icegram Express <= 5.5.2 - Unauthenticated CSV Injection	Patched	CVE-2022-45810	6.5	Mika	February 6, 2023
Icegram Express <= 5.4.19 - Authenticated (Subscriber+) SQL Injection	Patched	CVE-2022-3981	8.8	Krzysztof Zając	November 21, 2022
Email Subscribers & Newsletters <= 5.3.1 - Authenticated (or Cross-Site Request Forgery) Blind SQL Injection	Patched	CVE-2022-0439	8.8	Krzysztof Zając	February 11, 2022
Email Subscribers & Newsletters <= 4.5.5 - Unauthenticated Email Forgery	Patched	CVE-2020-5780	5.3	Alex Peña	September 9, 2020
Icegram Email Subscribers & Newsletters <= 4.5.0 - Authenticated SQL Injection	Patched	CVE-2020-5768	4.9	Alex Peña	July 16, 2020
Icegram Email Subscribers & Newsletters Plugin for WordPress <= 4.5.0 - Cross-Site Request Forgery	Patched	CVE-2020-5767	8.8	Tenable	July 13, 2020
Email Subscribers & Newsletters <= 4.2.2 - Unauthenticated Option Creation	Patched	CVE-2019-19982	6.5	Chloe Chamberland	November 13, 2019
Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection	Patched	CVE-2019-20361	8.3	Matt Barry	November 13, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce

Information

Showing 1-20 of 29 Vulnerabilities