SQL Injection Vulnerability Affects Email Subscribers & Newsletters
CVE-2024-37252
9.3CRITICAL
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 26 June 2024
What is CVE-2024-37252?
An SQL Injection vulnerability exists in Icegram Email Subscribers & Newsletters, which allows attackers to manipulate SQL queries by inserting arbitrary SQL code. This issue can potentially lead to unauthorized access to sensitive data and the compromise of system integrity. The vulnerability affects versions of Email Subscribers & Newsletters from n/a up to 5.7.25, highlighting the importance of applying timely updates to safeguard against exploitation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Email Subscribers & Newsletters <= 5.7.25
References
CVSS V3.1
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
shaman0x01 (Patchstack Alliance)