PT-2026-22857 · WordPress · Email Subscribers By Icegram Express

Chiao-Lin Yu

·

Publicado

2026-03-04

·

Atualizado

2026-03-04

·

CVE-2026-1651

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Email Subscribers by Icegram Express plugin for WordPress versions up to and including 5.9.16
Description The Email Subscribers by Icegram Express plugin for WordPress is susceptible to SQL Injection through the workflow ids parameter. Insufficient input validation and query preparation allow authenticated attackers with administrator-level access or higher to inject additional SQL queries into existing database queries. This could lead to the extraction of sensitive information from the database. The API endpoint involved is not explicitly mentioned.
Recommendations Update the Email Subscribers by Icegram Express plugin to a version later than 5.9.16.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2026-1651

Produtos afetados

Email Subscribers By Icegram Express