Description

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently send forged emails to all recipients from the available lists of contacts or subscribers. WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce version 4.5.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 4.5.6 or latest

References

https://www.tenable.com/security/research/tra-2020-53

https://plugins.svn.wordpress.org/email-subscribers/trunk/readme.txt

Related Vulnerabilities

jQuery Validation Other Vulnerability (CVE-2021-43306)

WordPress Plugin Donorbox-Free Recurring Donation Form Cross-Site Scripting (7.1.1)

WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)

Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-9937)

Apache HTTP Server Improper Authentication Vulnerability (CVE-2017-3167)

Severity

High

Classification

CVE-2020-5780 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass