Description

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access the API (provided it is enabled) and add, edit, or delete audience users. WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce version 5.7.26 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 5.7.27 or latest

References

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/email-subscribers/icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-5726-missing-authorization

https://plugins.svn.wordpress.org/email-subscribers/trunk/readme.txt

Related Vulnerabilities

MySQL CVE-2023-22112 Vulnerability (CVE-2023-22112)

WordPress Plugin Live Scores for SportsPress Multiple Vulnerabilities (1.9.0)

WordPress Plugin Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) Multiple Cross-Site Scripting Vulnerabilities (3.11.2)

Oracle Database Server CVE-2007-5530 Vulnerability (CVE-2007-5530)

Internet Information Services Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2009-3023)

Severity

High

Classification

CVE-2024-5703 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass