Email Subscribers Plugin Vulnerable to SQL Injection
CVE-2024-4295
Key Information:
- Vendor: WordPress
- CVE Published: 5 June 2024
Summary
The Email Subscribers Plugin by Icegram Express for WordPress is vulnerable to SQL Injection through the 'hash' parameter, potentially allowing unauthenticated attackers to extract sensitive information from the database. The AdminLTE 3.1.0 software also has a directory traversal vulnerability, which can be exploited by remote attackers to gain escalated privileges and view sensitive information. There are no known exploits for these vulnerabilities by ransomware groups at this time.
News Articles
Top Cyber Security Informer Security Intelligence Big data Content for Wed.Jun 05, 2024
Best content around Security Intelligence Big data selected by the Cyber Security Informer community.
8 months ago
Understanding CVE-2024-4295: Critical SQL Injection Vulnerability in Email Subscribers Plugin
A critical SQL Injection vulnerability has been identified in the Email Subscribers by Icegram Express plugin for WordPress, posing significant security risks.
8 months ago
CVE-2021-36471 : CVE-2021-36471 ADMINLTE 3.1.0 /ADMIN/INDEX2.HTML PATH TRAVERSAL - Cloud WAF
CVE-2021-36471 : Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.
8 months ago
Timeline
- Used in Ransomware
- Exploit known to exist
- First article discovered by prophaze.com
Vulnerability published