PT-2025-1810 · Icegram Express · Email Subscribers

Dmitry Ignatyev · Published 2025-01-06 · Updated 2025-01-06 · CVE-2024-12311

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Email Subscribers by Icegram Express versions prior to 5.7.44

Description

The issue concerns a SQL injection vulnerability. It occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement, allowing administrators to perform SQL injection attacks.

Recommendations

For versions prior to 5.7.44, update to version 5.7.44 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's SQL functionality until a patch is applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-12311

Affected Products: Email Subscribers