Cross-Site Request Forgery Vulnerability in Icegram Email Subscribers Plugin for WordPress
CVE-2020-5767
6.5 MEDIUM
Summary
The Icegram Email Subscribers & Newsletters Plugin for WordPress versions prior to 4.4.8 is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw allows a malicious actor to exploit the plugin by sending a crafted link to a legitimate user. When the user clicks on the link, the attacker can perform unintended actions on behalf of the user, such as sending forged emails. This can jeopardize user trust and lead to potential data breaches or phishing attacks.
Affected Version(s)
Icegram Email Subscribers & Newsletters Plugin for WordPress 4.4.8
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved