Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress — Vulnerabilities & Security Advisories (15)

All 15 CVE vulnerabilities found in Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress, with AI-generated Chinese analysis, references, and POCs.

Vendor: icegram

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter | CWE-89 | 6.5 | Medium | 2026-03-04 |
| CVE-2025-12348 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution | CWE-306 | 5.3 | Medium | 2025-12-12 |
| CVE-2025-12349 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger | CWE-306 | 5.3 | Medium | 2025-11-19 |
| CVE-2024-8254 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | CWE-94 | 5.4 | Medium | 2024-10-02 |
| CVE-2024-8771 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | CWE-862 | 4.3 | Medium | 2024-09-26 |
| CVE-2024-5703 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization | CWE-862 | 4.3 | Medium | 2024-07-17 |
| CVE-2024-6172 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe | CWE-89 | 9.8 | Critical | 2024-07-02 |
| CVE-2024-5756 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin | CWE-89 | 9.8 | Critical | 2024-06-21 |
| CVE-2024-4845 | Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] | CWE-89 | 8.8 | High | 2024-06-12 |
| CVE-2024-4295 | Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash | CWE-89 | 9.8 | Critical | 2024-06-05 |
| CVE-2024-3626 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization | CWE-862 | 4.3 | Medium | 2024-05-23 |
| CVE-2024-4010 | Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request | CWE-862 | 8.8 | High | 2024-05-15 |
| CVE-2024-2876 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection | CWE-89 | 9.8 | Critical | 2024-05-02 |
| CVE-2024-2656 | Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import | CWE-79 | 4.4 | Medium | 2024-04-06 |
| CVE-2023-5414 | Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read | CWE-22 | 9.1 | Critical | 2023-10-20 |
