Unauthorized Access to Private and Password-Protected Posts in Email Subscribers Plugin
CVE-2024-3626
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 23 May 2024
What is CVE-2024-3626?
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17. This makes it possible for authenticated attackers, with subscriber access and above, to obtain the contents of private and password-protected posts.
Affected Version(s)
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce * <= 5.7.17