PT-2020-18689 · WordPress · Icegram Email Subscribers & Newsletters
Published
2020-07-17
·
Updated
2020-07-21
·
CVE-2020-5768
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Icegram Email Subscribers & Newsletters Plugin for WordPress version 4.4.8
Description
The issue concerns an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows a remote, authenticated attacker to determine the value of database fields.
Recommendations
For Icegram Email Subscribers & Newsletters Plugin for WordPress version 4.4.8, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version. As a temporary workaround, restrict access to sensitive database fields to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Icegram Email Subscribers & Newsletters