CVE-2024-8771

Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin versions up to, and including, 5.7.34

Description: The issue allows unauthorized access to data due to a missing capability check on the preview email template design function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the content of private, password protected, pending, and draft posts and pages.

Recommendations: For versions up to, and including, 5.7.34, update to a version that includes a fix for the missing capability check in the preview email template design function. As a temporary workaround, consider restricting access to the preview email template design function to minimize the risk of exploitation.