PT-2024-37083 · Icegram Express · Email Subscribers

Arkadiusz Hydzik · Published 2024-07-17 · Updated 2024-07-19 · CVE-2024-5703

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin versions up to, and including, 5.7.26
Description: The plugin's API is missing a capability check, so access is not restricted to users who are allowed to manage the audience. This allows authenticated attackers with Subscriber-level access and above to use the API, if it is enabled, and perform actions such as adding, editing, and deleting audience users.
Recommendations: For versions up to, and including, 5.7.26, update to a version that includes a fix for the missing capability check. As a temporary workaround, consider disabling API access until a patch is applied. Restrict API access to trusted users only to minimize the risk of exploitation.
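What a missing capability check looks like in a WordPress REST endpoint, beside the hardened form, as an added illustration that is not Icegram Express code: the route name, the `manage_options` requirement and the handler are assumptions chosen to mirror the audience-management actions the advisory describes.

```php
<?php
// Added illustration, not the plugin's code. Route name, capability and
// handler are assumptions; the permission-callback pattern is the point.

// Weak: any authenticated user (Subscriber and above) passes this check.
// Logged-in is not the same as authorized; this is the shape of a
// missing capability check.
function example_weak_permission( WP_REST_Request $request ) {
    return is_user_logged_in();
}

// Hardened: require an explicit capability before the handler runs.
// Subscribers do not hold manage_options, so they receive a WP_Error
// (401 or 403 via rest_authorization_required_code()) and never reach
// the state-changing callback.
function example_hardened_permission( WP_REST_Request $request ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            __( 'You are not allowed to manage audience users.', 'example' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }
    return true;
}

// Handler for a destructive audience action; assumed for the example.
function example_delete_audience_user( WP_REST_Request $request ) {
    $user_id = (int) $request['id'];
    // ... perform the deletion here; only reached after authorization.
    return rest_ensure_response( array( 'deleted' => $user_id ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/audience/(?P<id>\d+)', array(
        'methods'             => WP_REST_Server::DELETABLE,
        'callback'            => 'example_delete_audience_user',
        // A route whose permission_callback is '__return_true' or only
        // is_user_logged_in() is the defect class named in this advisory.
        'permission_callback' => 'example_hardened_permission',
        'args'                => array(
            'id' => array( 'validate_callback' => 'is_numeric' ),
        ),
    ) );
} );
```

When auditing a plugin, grep every `register_rest_route` and `wp_ajax_` handler for the permission check and confirm it names a capability rather than only a login state.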

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-5703

Affected Products: Email Subscribers