Vulnerabilities > Icegram > Email Subscribers Newsletters > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-12 | CVE-2022-3981 | Unspecified vulnerability in Icegram Email Subscribers & Newsletters The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber | 8.8 |
| 2022-03-07 | CVE-2022-0439 | SQL Injection vulnerability in Icegram Email Subscribers & Newsletters The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. | 8.8 |
| 2018-01-26 | CVE-2018-6015 | Information Exposure vulnerability in Icegram Email Subscribers & Newsletters An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. | 7.5 |