Platform
wordpress
Component
email-subscribers
Fixed in
5.7.21
CVE-2024-4295 is a critical SQL Injection vulnerability affecting the Email Subscribers by Icegram Express plugin for WordPress. This flaw allows unauthenticated attackers to inject malicious SQL queries, potentially leading to data exfiltration and compromise of the WordPress database. The vulnerability impacts versions up to and including 5.7.20. A patch is available; upgrading is the recommended remediation.
The SQL Injection vulnerability in Email Subscribers by Icegram Express poses a significant threat to WordPress websites utilizing the plugin. An attacker can exploit this flaw by manipulating the ‘hash’ parameter to inject arbitrary SQL code into existing queries. Successful exploitation could allow an attacker to extract sensitive information stored in the database, such as user credentials, email addresses, and other personal data. Depending on database permissions, an attacker might even be able to modify or delete data, leading to website defacement or complete data loss. This vulnerability is particularly concerning given the plugin's popularity and the potential for widespread exploitation.
CVE-2024-4295 was publicly disclosed on June 5, 2024. While no active exploitation campaigns have been definitively confirmed at the time of writing, the CRITICAL severity and ease of exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread attacks.
WordPress websites using the Email Subscribers by Icegram Express plugin, particularly those running versions prior to 5.7.20, are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially impact others. Websites with sensitive user data stored in the database are also at higher risk.
• wordpress / composer / npm:
grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/email-subscribers-by-icegram-express/
• wordpress / composer / npm:
wp plugin list --status=active | grep icegram
• wordpress / composer / npm:
wp plugin update email-subscribers-by-icegram-express
• generic web: Check the WordPress plugin directory for updates and security advisories related to Email Subscribers by Icegram Express.
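A version check for the affected range stated in this advisory, as an added example that is not part of the original page or of the plugin's own code: it reads the Version: field from a WordPress plugin header comment (a constructed sample header is embedded) and reports whether the install falls within the range up to and including 5.7.20. The directory-scan helper assumes the plugin's main file is a top-level .php file carrying a "Plugin Name:" header, which is how WordPress itself locates plugin metadata.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Affected range stated in the advisory: up to and including 5.7.20, fixed in 5.7.21.
LAST_AFFECTED_VERSION = "5.7.20"

# Constructed sample of a WordPress plugin file header (not the real plugin file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Email Subscribers by Icegram Express
 * Version: 5.7.20
 */
"""

def parse_version(version: str) -> Tuple[int, ...]:
    """'5.7.20' -> (5, 7, 20); numeric components only, so tuples compare correctly."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)

def version_from_header(header: str) -> Optional[str]:
    """Read the 'Version:' field WordPress uses from a plugin's header comment."""
    match = re.search(r"^[\s*#/]*Version:\s*(\S+)", header, re.MULTILINE)
    return match.group(1) if match else None

def is_affected(version: str) -> bool:
    """True if the installed version lies inside the advisory's affected range."""
    return parse_version(version) <= parse_version(LAST_AFFECTED_VERSION)

def assess_header(header: str) -> dict:
    """Assessment for one plugin header: detected version and whether CVE-2024-4295 applies."""
    version = version_from_header(header)
    if version is None:
        return {"version": None, "affected": None, "note": "no Version: field found"}
    return {"version": version, "affected": is_affected(version)}

def assess_plugin_dir(plugin_dir: str) -> dict:
    """Locate the main plugin file (top-level .php carrying 'Plugin Name:') and assess it."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        text = php.read_text(errors="replace")
        if "Plugin Name:" in text:
            return {"file": str(php), **assess_header(text)}
    return {"file": None, "version": None, "affected": None, "note": "no plugin header found"}
```

Point assess_plugin_dir at the plugin's directory under wp-content/plugins to check a live install; the result says "affected": True for any version up to 5.7.20.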
disclosure
Exploit Status
EPSS
92.80% (100th percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2024-4295 is to immediately upgrade the Email Subscribers by Icegram Express plugin to a version beyond 5.7.20, where the vulnerability has been addressed. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin to prevent exploitation. While not a complete solution, implementing a Web Application Firewall (WAF) with SQL Injection protection rules can provide an additional layer of defense. Carefully review and sanitize all user inputs within the plugin's code if custom modifications have been made.
Update the Email Subscribers by Icegram Express plugin to the latest available version. The SQL injection vulnerability was fixed in versions after 5.7.20. This will prevent unauthenticated attackers from executing malicious SQL queries against your database.
CVE-2024-4295 is a critical SQL Injection vulnerability in the Email Subscribers by Icegram Express WordPress plugin, allowing attackers to extract data.
You are affected if you are using Email Subscribers by Icegram Express version 5.7.20 or earlier. Check your plugin version immediately.
Upgrade the Email Subscribers by Icegram Express plugin to a version greater than 5.7.20. If upgrading is not possible, disable the plugin temporarily.
While no confirmed active exploitation campaigns are known, the vulnerability's severity and ease of exploitation suggest a high risk of future attacks.
Check the Icegram Express website and WordPress plugin repository for official security advisories and updates related to CVE-2024-4295.