Vulnerabilities (CVE)

Filtered by vendor Icegram Subscribe

Filtered by product Email Subscribers \& Newsletters

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-20361	1 Icegram	1 Email Subscribers \& Newsletters	2020-07-27	7.5 HIGH	9.8 CRITICAL
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
CVE-2019-13569	1 Icegram	1 Email Subscribers \& Newsletters	2019-07-31	10.0 HIGH	9.8 CRITICAL
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.