Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce 5.6.23

  • Severity: critical
  • Status: Fixed
  • Publication: October 11, 2023

The Icegram Express plugin for WordPress is vulnerable to a security issue. In versions up to 5.6.23, administrator-level attackers can use a function called “show_es_logs” to read the contents of any file on the server. This includes files belonging to other websites, which could contain sensitive information. This issue is particularly concerning in shared hosting environments.

Detected in:

Email Subscribers & Newsletters – Powerful Email Marketing, Post Notification & Newsletter Plugin for WordPress & WooCommerce fixed vulnerable versions:
Email Subscribers by Icegram Express – Affordable, Powerful Email Marketing for WordPress & WooCommerce fixed vulnerable versions:
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce fixed vulnerable versions:
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce fixed vulnerable versions:
Icegram Express – email subscribers, optin forms, newsletters and marketing automation for WordPress & WooCommerce fixed vulnerable versions:
Icegram Express formerly known as Email Subscribers – The Ultimate Email Marketing & Automation Plugin for WordPress fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.