Vulnerabilities > Icegram > Email Subscribers Newsletters > 4.3.5.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-12 | CVE-2022-3981 | Unspecified vulnerability in Icegram Email Subscribers & Newsletters The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber | 8.8 |
2022-03-07 | CVE-2022-0439 | SQL Injection vulnerability in Icegram Email Subscribers & Newsletters The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. | 8.8 |
2020-09-10 | CVE-2020-5780 | Missing Authentication for Critical Function vulnerability in Icegram Email Subscribers & Newsletters Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing. | 5.0 |