Vulnerabilities > Icegram > Email Subscribers Newsletters

DATE CVE VULNERABILITY TITLE RISK
2019-12-26 CVE-2019-19985 Missing Authorization vulnerability in Icegram Email Subscribers & Newsletters
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
network
low complexity
icegram CWE-862
5.3
5.3
2019-12-26 CVE-2019-19984 Incorrect Authorization vulnerability in Icegram Email Subscribers & Newsletters
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
network
low complexity
icegram CWE-863
6.3
6.3
2019-12-26 CVE-2019-19982 Improper Authentication vulnerability in Icegram Email Subscribers & Newsletters
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation.
network
low complexity
icegram CWE-287
5.3
5.3
2019-12-26 CVE-2019-19981 Cross-Site Request Forgery (CSRF) vulnerability in Icegram Email Subscribers & Newsletters
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.
network
low complexity
icegram CWE-352
5.4
5.4
2019-12-26 CVE-2019-19980 Unspecified vulnerability in Icegram Email Subscribers & Newsletters
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator.
network
low complexity
icegram
4.3
4.3
2019-07-28 CVE-2019-14364 Cross-site Scripting vulnerability in Icegram Email Subscribers & Newsletters 4.1.6
An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter.
network
low complexity
icegram CWE-79
6.1
6.1
2019-07-19 CVE-2019-13569 SQL Injection vulnerability in Icegram Email Subscribers & Newsletters
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress.
network
low complexity
icegram CWE-89
critical
 9.8
9.8
2018-01-26 CVE-2018-6015 Information Exposure vulnerability in Icegram Email Subscribers & Newsletters
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress.
network
low complexity
icegram CWE-200
7.5
7.5