Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce 5.7.44

  • Severity: medium-risk
  • Status: Fixed
  • Publication: December 23, 2024

The Email Subscribers plugin for WordPress may be at risk for a type of hack called Stored Cross-Site Scripting. This can happen if a website administrator allows certain settings and doesn’t properly clean up any malicious code that may be entered. This could potentially allow someone with high level access to the website to add their own code that could run when someone visits a certain page. This only affects a specific type of WordPress installation and if certain security measures have not been implemented.

Detected in:

Email Subscribers & Newsletters – Powerful Email Marketing, Post Notification & Newsletter Plugin for WordPress & WooCommerce fixed vulnerable versions:
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce fixed vulnerable versions:
Icegram Express – email subscribers, optin forms, newsletters and marketing automation for WordPress & WooCommerce fixed vulnerable versions:
Icegram Express formerly known as Email Subscribers – The Ultimate Email Marketing & Automation Plugin for WordPress fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.